Windows Analysis Report
hSyJxPUUDx.exe

Overview

General Information

Sample name:hSyJxPUUDx.exe
renamed because original name is a hash value
Original sample name:16818583c4ba879e690336aebce0c29befb05152dd1fe8925403a2ff1ec155c6.exe
Analysis ID:1571340
MD5:3db8cd76f170be3241b387fe5c70afab
SHA1:352ddb3951527fc961fcec98418ed639f581450b
SHA256:16818583c4ba879e690336aebce0c29befb05152dd1fe8925403a2ff1ec155c6
Tags: busquedasxurl-com, exe, user-JAMESWT_MHT

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
AI detected suspicious sample
Found pyInstaller with non standard icon
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • hSyJxPUUDx.exe (PID: 6440 cmdline: "C:\Users\user\Desktop\hSyJxPUUDx.exe" MD5: 3DB8CD76F170BE3241B387FE5C70AFAB)
    • hSyJxPUUDx.exe (PID: 6700 cmdline: "C:\Users\user\Desktop\hSyJxPUUDx.exe" MD5: 3DB8CD76F170BE3241B387FE5C70AFAB)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted Sample. Integrated Neural Analysis Model: Matched 95.6% probability
Source: hSyJxPUUDx.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32pdh.pdb source: win32pdh.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2350594862.000002A547750000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3582788674.00007FFE78615000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2347002476.000002A547750000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: hSyJxPUUDx.exe, 00000002.00000002.3580268498.00007FFE75D19000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: hSyJxPUUDx.exe, 00000000.00000003.2342558298.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586595874.00007FFE99E63000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: hSyJxPUUDx.exe, 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp, pywintypes312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2342699219.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp, pywintypes312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3586387294.00007FFE957E1000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3584840684.00007FFE8F597000.00000002.00000001.01000000.00000018.sdmp, _hashlib.pyd.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2347993369.000002A547750000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2346356516.000002A547750000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2348552117.000002A547750000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585231479.00007FFE8FF88000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3584438433.00007FFE8F402000.00000002.00000001.01000000.00000016.sdmp, pyexpat.pyd.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585868615.00007FFE905AC000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586187475.00007FFE9444D000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: ucrtbase.pdbUGP source: hSyJxPUUDx.exe, 00000002.00000002.3582788674.00007FFE78615000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585988393.00007FFE90B69000.00000002.00000001.01000000.0000000C.sdmp, _socket.pyd.0.dr
Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: hSyJxPUUDx.exe, 00000000.00000003.2342699219.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3580987358.00007FFE76274000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: hSyJxPUUDx.exe, 00000002.00000002.3580268498.00007FFE75DB1000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: hSyJxPUUDx.exe, 00000002.00000002.3582497256.00007FFE78514000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585413492.00007FFE8FFC6000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2346631894.000002A547750000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2342558298.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586595874.00007FFE99E63000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3580268498.00007FFE75DB1000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3586286347.00007FFE94AC3000.00000002.00000001.01000000.0000000D.sdmp, select.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585868615.00007FFE905AC000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: hSyJxPUUDx.exe, 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585765553.00007FFE90583000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586087508.00007FFE92CA4000.00000002.00000001.01000000.0000000E.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586087508.00007FFE92CA4000.00000002.00000001.01000000.0000000E.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3584254835.00007FFE8E7AF000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3574161612.000001F3599D0000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3582497256.00007FFE78514000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3585622253.00007FFE8FFDD000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Code function: 0_2_00007FF69F0188D0 FindFirstFileExW,FindClose,0_2_00007FF69F0188D0
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Code function: 0_2_00007FF69F027E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF69F027E4C
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Code function: 0_2_00007FF69F031EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF69F031EE4
Source: Joe Sandbox View IP Address: 82.180.136.22 82.180.136.22
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: busquedasxurl.com
Source: hSyJxPUUDx.exe, 00000002.00000002.3577059512.000001F35B610000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://aka.ms/vcpython27
Source: _generator.cp312-win_amd64.pyd.0.dr String found in binary or memory: http://arxiv.org/abs/1805.10941.
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B984000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://bugs.python.org/issue23606)
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2350594862.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2346356516.000002A547756000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2348552117.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2346631894.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2347993369.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2347002476.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2346356516.000002A547756000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: hSyJxPUUDx.exe, 00000002.00000002.3575244596.000001F35A326000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2395865652.000001F359FDD000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2401189617.000001F359C08000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2395485384.000001F359F9C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F359690000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlw
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlf4
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2350594862.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2346356516.000002A547756000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2348552117.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2346631894.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2347993369.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2347002476.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
Source: _hashlib.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3576905992.000001F35B400000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577134395.000001F35B740000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576980917.000001F35B510000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD91000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577059512.000001F35B610000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3576980917.000001F35B510000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: hSyJxPUUDx.exe, 00000002.00000002.3575740702.000001F35A8C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: hSyJxPUUDx.exe, 00000002.00000002.3575664881.000001F35A760000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: hSyJxPUUDx.exe, 00000002.00000002.3575664881.000001F35A760000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: hSyJxPUUDx.exe, 00000002.00000002.3575377920.000001F35A450000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575858180.000001F35AA00000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: hSyJxPUUDx.exe, 00000002.00000003.2398837217.000001F35A102000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A102000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/library/unittest.html
Source: hSyJxPUUDx.exe, 00000002.00000002.3575456284.000001F35A550000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575858180.000001F35AA00000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar.tar.gz
Source: hSyJxPUUDx.exe, 00000002.00000002.3575456284.000001F35A550000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575858180.000001F35AA00000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar.tgz
Source: hSyJxPUUDx.exe, 00000002.00000002.3576830298.000001F35B300000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://goo.gl/zeJZl.
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575018288.000001F35A2BE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400772882.000001F35A2CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A04A000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail/
Source: hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575244596.000001F35A326000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: hSyJxPUUDx.exe, 00000002.00000003.2401189617.000001F359BF9000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576830298.000001F35B300000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/BinomialDistribution.html
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/CauchyDistribution.html
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/GammaDistribution.html
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/HypergeometricDistribution.html
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/LaplaceDistribution.html
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/LogisticDistribution.html
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/NegativeBinomialDistribution.html
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/NoncentralF-Distribution.html
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://mathworld.wolfram.com/PoissonDistribution.html
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esnfo
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2346356516.000002A547756000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2350594862.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2346356516.000002A547756000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2348552117.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2346631894.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2347993369.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2347002476.000002A547757000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _wmi.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: hSyJxPUUDx.exe, 00000002.00000002.3575740702.000001F35A8C0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575858180.000001F35AA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: _sfc64.cp312-win_amd64.pyd.0.drString found in binary or memory: http://pracrand.sourceforge.net/RNG_engines.txt
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/U
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/d
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/p
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: hSyJxPUUDx.exe, 00000002.00000002.3577134395.000001F35B740000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: hSyJxPUUDx.exe, 00000002.00000002.3576905992.000001F35B400000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: hSyJxPUUDx.exe, 00000002.00000002.3575664881.000001F35A760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/J
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/orators:
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: hSyJxPUUDx.exe, 00000002.00000002.3575018288.000001F35A271000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://www.inference.org.uk/mackay/itila/
Source: _mt19937.cp312-win_amd64.pyd.0.drString found in binary or memory: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/JUMP/
Source: _pcg64.cp312-win_amd64.pyd.0.drString found in binary or memory: http://www.pcg-random.org/
Source: bit_generator.cp312-win_amd64.pyd.0.drString found in binary or memory: http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html
Source: _sfc64.cp312-win_amd64.pyd.0.drString found in binary or memory: http://www.pcg-random.org/posts/random-invertible-mapping-statistics.html
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: hSyJxPUUDx.exe, 00000002.00000002.3577524581.000001F35BB90000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADB1000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/file/bot
Source: hSyJxPUUDx.exe, 00000002.00000002.3575265608.000001F35A340000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575377920.000001F35A450000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2394811467.000001F359C3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
Source: hSyJxPUUDx.exe, 00000002.00000002.3577524581.000001F35BC3C000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575858180.000001F35AA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/probar/config.txt
Source: hSyJxPUUDx.exe, 00000002.00000002.3575018288.000001F35A2BE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400772882.000001F35A2CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/probar/config.txtc
Source: hSyJxPUUDx.exe, hSyJxPUUDx.exe, 00000002.00000002.3578656137.00007FFE7503D000.00000002.00000001.01000000.00000030.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#Chatshared
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#addstickertoset
Source: hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#animation
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#answercallbackquery
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#answerinlinequery
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#answerprecheckoutquery
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#answershippingquery
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#answerwebappquery
Source: hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#approvechatjoinrequest
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD47000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#audio
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#banchatmember
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#banchatsenderchat
Source: hSyJxPUUDx.exe, 00000002.00000002.3575018288.000001F35A2BE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B948000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botcommand
Source: hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BA80000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B8A0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botcommandscopeallchatadministrators
Source: hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BA80000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577134395.000001F35B740000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botcommandscopeallgroupchats
Source: hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BA80000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B8A0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botcommandscopeallprivatechats
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD91000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BB4C000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botcommandscopechat
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botcommandscopechatadministrators
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botcommandscopechatmember
Source: hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BA80000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B8A0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botcommandscopedefault
Source: hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BAD0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B8A0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botdescription
Source: hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B984000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B948000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2402774035.000001F35BA8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botname
Source: hSyJxPUUDx.exe, 00000002.00000002.3577134395.000001F35B740000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BAD4000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#botshortdescription
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#callbackquery
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#chat
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#chatadministratorrights
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADCF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#precheckoutquery
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#promotechatmember
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#proximityalerttriggered
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#reopenforumtopic
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#reopengeneralforumtopic
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#replykeyboardmarkup
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#replykeyboardremove
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#restrictchatmember
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#revokechatinvitelink
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendanimation
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendaudio
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendchataction
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendcontact
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#senddice
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#senddocument
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendgame
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendinvoice
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendlocation
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendmediagroup
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendmessage
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendphoto
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendpoll
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendsticker
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendvenue
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendvideo
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendvideonote
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sendvoice
Source: hSyJxPUUDx.exe, 00000002.00000002.3577134395.000001F35B740000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B8A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sentwebappmessage
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setchatadministratorcustomtitle
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setchatdescription
Source: hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setchatmenubutton
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setchatpermissions
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setchatphoto
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADCF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setchatstickerset
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setchattitle
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setgamescore
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setmycommands
Source: hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setmydefaultadministratorrights
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setmydescription
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setmyname
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setmyshortdescription
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setstickerpositioninset
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setstickersetthumb
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD47000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#setwebhook
Source: hSyJxPUUDx.exe, 00000002.00000002.3575244596.000001F35A326000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#shippingaddress
Source: hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B8A0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B948000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#shippingoption
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#shippingquery
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#sticker
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#stickerset
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#stopmessagelivelocation
Source: hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#stoppoll
Source: hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADB1000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#successfulpayment
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#unbanchatmember
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#unbanchatsenderchat
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#unhidegeneralforumtopic
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#unpinAllGeneralForumTopicMessages
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#unpinallchatmessages
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#unpinallforumtopicmessages
Source: hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#unpinchatmessage
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#update
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#uploadstickerfile
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#user
Source: hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BAE0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#userprofilephotos
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#usershared
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD47000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#venue
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD47000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#video
Source: hSyJxPUUDx.exe, 00000002.00000002.3577134395.000001F35B740000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B984000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#videochatended
Source: hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BA80000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B948000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#videochatparticipantsinvited
Source: hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B8A0000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B948000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#videochatscheduled
Source: hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#videonote
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#voice
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD91000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#webappdata
Source: hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B984000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BAD4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#webappinfo
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#webhookinfo
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADCF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/api#writeaccessallowed
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/bots/payments#supported-currencies
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/stickers
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/stickers#animated-sticker-requirements
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://core.telegram.org/stickers#video-sticker-requirements
Source: METADATA.0.drString found in binary or memory: https://cryptography.io
Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
Source: METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
Source: METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2395485384.000001F359F9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: hSyJxPUUDx.exe, 00000002.00000003.2392084875.000001F359B54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: hSyJxPUUDx.exe, 00000002.00000002.3577059512.000001F35B610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: hSyJxPUUDx.exe, 00000002.00000002.3576905992.000001F35B400000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: bit_generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://gist.github.com/imneme/540829265469e673d045
Source: hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576830298.000001F35B300000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: hSyJxPUUDx.exe, 00000002.00000003.2388464524.000001F3596C0000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F359690000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/eternnoir/pyTelegramBotAPI/tree/master/examples
Source: hSyJxPUUDx.exe, 00000002.00000002.3576905992.000001F35B400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575858180.000001F35AA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: hSyJxPUUDx.exe, hSyJxPUUDx.exe, 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp, win32api.pyd.0.dr, pywintypes312.dll.0.dr, win32pdh.pyd.0.drString found in binary or memory: https://github.com/mhammond/pywin32
Source: hSyJxPUUDx.exe, 00000002.00000002.3575858180.000001F35AA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: hSyJxPUUDx.exe, 00000002.00000002.3576830298.000001F35B300000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
Source: hSyJxPUUDx.exe, 00000002.00000002.3575265608.000001F35A340000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: hSyJxPUUDx.exe, 00000002.00000002.3574443677.000001F359D20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: hSyJxPUUDx.exe, 00000002.00000002.3577134395.000001F35B740000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-pillow/Pillow/
Source: hSyJxPUUDx.exe, 00000002.00000003.2388513202.000001F3596C3000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2388464524.000001F3596C0000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3573730318.000001F3595EC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F359690000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: hSyJxPUUDx.exe, 00000002.00000003.2388464524.000001F3596C0000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F359690000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: hSyJxPUUDx.exe, 00000002.00000003.2392572114.000001F359B8F000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2394811467.000001F359C3A000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2392426301.000001F359F90000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2401189617.000001F359C08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: hSyJxPUUDx.exe, 00000002.00000002.3575377920.000001F35A450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396
Source: hSyJxPUUDx.exe, 00000002.00000003.2388464524.000001F3596C0000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F359690000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: hSyJxPUUDx.exe, 00000002.00000002.3576905992.000001F35B400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: hSyJxPUUDx.exe, 00000002.00000002.3576980917.000001F35B510000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A20D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A20D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A20D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A20D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A102000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: hSyJxPUUDx.exe, 00000002.00000002.3577059512.000001F35B610000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: hSyJxPUUDx.exe, 00000002.00000002.3574514279.000001F359E40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: _sfc64.cp312-win_amd64.pyd.0.drString found in binary or memory: https://numpy.org/devdocs/user/troubleshooting-importerror.html#c-api-incompatibility
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2401189617.000001F359C08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
Source: hSyJxPUUDx.exe, 00000002.00000002.3575456284.000001F35A550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: hSyJxPUUDx.exe, 00000002.00000002.3575456284.000001F35A550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/All
Source: hSyJxPUUDx.exe, 00000002.00000002.3575265608.000001F35A340000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574514279.000001F359E40000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2394811467.000001F359C3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: hSyJxPUUDx.exe, 00000002.00000002.3574443677.000001F359D20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
Source: hSyJxPUUDx.exe, 00000002.00000002.3580987358.00007FFE76274000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_67.htm
Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_69.htm
Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_79.htm
Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_83.htm
Source: _multiarray_umath.cp312-win_amd64.pyd.0.drString found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_86.htm
Source: hSyJxPUUDx.exe, 00000002.00000002.3575377920.000001F35A450000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
Source: METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
Source: METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576830298.000001F35B300000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577059512.000001F35B610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: hSyJxPUUDx.exe, 00000002.00000002.3577059512.000001F35B610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioe
Source: hSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: hSyJxPUUDx.exe, 00000002.00000003.2399321013.000001F35A2D7000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2398757061.000001F35AB01000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2398786423.000001F35A2D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: hSyJxPUUDx.exe, 00000002.00000003.2398786423.000001F35A2AD000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575018288.000001F35A2BE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2399321013.000001F35A2D7000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2398720357.000001F35A2E5000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400772882.000001F35A2CC000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2398757061.000001F35AB01000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2398786423.000001F35A2D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: hSyJxPUUDx.exe, 00000002.00000002.3575858180.000001F35AA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: hSyJxPUUDx.exe, 00000002.00000003.2398720357.000001F35A2E5000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2398757061.000001F35AB01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#
Source: hSyJxPUUDx.exe, 00000002.00000003.2398720357.000001F35A2E5000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2398757061.000001F35AB01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#r$Nrjr
Source: hSyJxPUUDx.exe, 00000002.00000002.3576905992.000001F35B400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3577213506.000001F35B984000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
Source: hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD47000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telegram.org)
Source: hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A102000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: hSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADCF000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ADB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com
Source: hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: hSyJxPUUDx.exe, 00000002.00000002.3575377920.000001F35A450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
Source: hSyJxPUUDx.exe, 00000002.00000002.3576905992.000001F35B400000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: hSyJxPUUDx.exe, 00000002.00000002.3576905992.000001F35B400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://web.archive.org/web/20090423014010/http://www.brighton-webs.co.uk:80/distributions/wald.asp
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp
Source: hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
Source: LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: _pcg64.cp312-win_amd64.pyd.0.drString found in binary or memory: https://www.cs.hmc.edu/tr/hmc-cs-2014-0905.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3663.htm
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://www.itl.nist.gov/div898/handbook/eda/section3/eda3666.htm
Source: _generator.cp312-win_amd64.pyd.0.drString found in binary or memory: https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf
Source: hSyJxPUUDx.exe, 00000002.00000002.3582541821.00007FFE7854F000.00000002.00000001.01000000.00000012.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3580509948.00007FFE75E5A000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.openssl.org/H
Source: hSyJxPUUDx.exe, 00000002.00000003.2400577441.000001F35AB20000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: hSyJxPUUDx.exe, 00000002.00000002.3574255361.000001F359B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: hSyJxPUUDx.exe, 00000002.00000002.3573730318.000001F359570000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: hSyJxPUUDx.exe, 00000002.00000002.3581567787.00007FFE763EC000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: hSyJxPUUDx.exe, 00000002.00000002.3580987358.00007FFE76274000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35B0F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.c
Source: hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A16D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A20D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000003.2400931244.000001F35A20D000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A16D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D75B00 _Py_NoneStruct,_PyArg_ParseTupleAndKeywords_SizeT,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptImportKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFE74D75B00
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: Number of sections : 19 > 10
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: python3.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2348552117.000002A547750000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2344385952.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2343382622.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2342699219.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2343199286.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2346356516.000002A547750000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2347002476.000002A547750000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2342558298.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2350594862.000002A547750000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2346631894.000002A547750000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2347993369.000002A547750000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2344636124.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000002.3573514100.000002A547756000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32pdh.pyd0 vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe Binary or memory string: OriginalFilename vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3582541821.00007FFE7854F000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenamelibsslH vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3585802076.00007FFE90586000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3582842573.00007FFE78652000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3586027689.00007FFE90B73000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3584330830.00007FFE8E7BB000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3586636873.00007FFE99E69000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3574161612.000001F3599D0000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3585311440.00007FFE8FF8F000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3584546561.00007FFE8F40D000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3584911639.00007FFE8F59E000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3586225476.00007FFE94452000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp Binary or memory string: OriginalFilenamewin32crypt.pyd0 vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3585526225.00007FFE8FFCB000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3585927950.00007FFE905B5000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3585708146.00007FFE8FFF9000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3586126326.00007FFE92CA7000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp Binary or memory string: OriginalFilenamepywintypes312.dll0 vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3578033548.00007FFE74D39000.00000002.00000001.01000000.00000034.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3586431656.00007FFE957EE000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3581959713.00007FFE76515000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython312.dll. vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3580509948.00007FFE75E5A000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs hSyJxPUUDx.exe
Source: hSyJxPUUDx.exe, 00000002.00000002.3586326721.00007FFE94AC6000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs hSyJxPUUDx.exe
Source: classification engine Classification label: mal56.winEXE@3/143@1/1
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Code function: 0_2_00007FF69F018560 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF69F018560
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Code function: 2_2_00007FFE74D7A8E1 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CertOpenSystemStoreW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NewReference,PyLong_FromVoidPtr,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,2_2_00007FFE74D7A8E1
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI64402
Source: hSyJxPUUDx.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Caption FROM Win32_Processor
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: hSyJxPUUDx.exe, hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe File read: C:\Users\user\Desktop\hSyJxPUUDx.exe
Source: unknown Process created: C:\Users\user\Desktop\hSyJxPUUDx.exe "C:\Users\user\Desktop\hSyJxPUUDx.exe"
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Process created: C:\Users\user\Desktop\hSyJxPUUDx.exe "C:\Users\user\Desktop\hSyJxPUUDx.exe"
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Process created: C:\Users\user\Desktop\hSyJxPUUDx.exe "C:\Users\user\Desktop\hSyJxPUUDx.exe"
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: pdh.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: sqlite3.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: pywintypes312.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: hSyJxPUUDx.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: hSyJxPUUDx.exe Static file information: File size 33138116 > 1048576
Source: hSyJxPUUDx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: hSyJxPUUDx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: hSyJxPUUDx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: hSyJxPUUDx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: hSyJxPUUDx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: hSyJxPUUDx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: hSyJxPUUDx.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: hSyJxPUUDx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32pdh.pdb source: win32pdh.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2350594862.000002A547750000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3582788674.00007FFE78615000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2347002476.000002A547750000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: hSyJxPUUDx.exe, 00000002.00000002.3580268498.00007FFE75D19000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: hSyJxPUUDx.exe, 00000000.00000003.2342558298.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586595874.00007FFE99E63000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: hSyJxPUUDx.exe, 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp, pywintypes312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2343820775.000002A547749000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2342699219.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp, pywintypes312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3586387294.00007FFE957E1000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2343557346.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3584840684.00007FFE8F597000.00000002.00000001.01000000.00000018.sdmp, _hashlib.pyd.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2347993369.000002A547750000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2346356516.000002A547750000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2348552117.000002A547750000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2342797853.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585231479.00007FFE8FF88000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3584438433.00007FFE8F402000.00000002.00000001.01000000.00000016.sdmp, pyexpat.pyd.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585868615.00007FFE905AC000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2342918963.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586187475.00007FFE9444D000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: ucrtbase.pdbUGP source: hSyJxPUUDx.exe, 00000002.00000002.3582788674.00007FFE78615000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2344136447.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585988393.00007FFE90B69000.00000002.00000001.01000000.0000000C.sdmp, _socket.pyd.0.dr
Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: hSyJxPUUDx.exe, 00000000.00000003.2342699219.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3580987358.00007FFE76274000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: hSyJxPUUDx.exe, 00000002.00000002.3580268498.00007FFE75DB1000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: hSyJxPUUDx.exe, 00000002.00000002.3582497256.00007FFE78514000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2343913097.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585413492.00007FFE8FFC6000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2346631894.000002A547750000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2342558298.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586595874.00007FFE99E63000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3580268498.00007FFE75DB1000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3586286347.00007FFE94AC3000.00000002.00000001.01000000.0000000D.sdmp, select.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: hSyJxPUUDx.exe, 00000000.00000003.2343677905.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585868615.00007FFE905AC000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: hSyJxPUUDx.exe, 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2344021191.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3585765553.00007FFE90583000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3579067117.00007FFE75533000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586087508.00007FFE92CA4000.00000002.00000001.01000000.0000000E.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: hSyJxPUUDx.exe, 00000000.00000003.2346187676.000002A547749000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3586087508.00007FFE92CA4000.00000002.00000001.01000000.0000000E.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3584254835.00007FFE8E7AF000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3574161612.000001F3599D0000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3582497256.00007FFE78514000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: hSyJxPUUDx.exe, 00000002.00000002.3585622253.00007FFE8FFDD000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
Source: hSyJxPUUDx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: hSyJxPUUDx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: hSyJxPUUDx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: hSyJxPUUDx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: hSyJxPUUDx.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: 0xC6F8D774 [Sun Oct 13 12:54:12 2075 UTC]
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D4DB00 GetModuleHandleW,LoadLibraryW,GetProcAddress,AddAccessAllowedAce,GetProcAddress,AddAccessDeniedAce,GetProcAddress,AddAccessAllowedAceEx,GetProcAddress,AddMandatoryAce,GetProcAddress,AddAccessAllowedObjectAce,GetProcAddress,AddAccessDeniedAceEx,GetProcAddress,AddAccessDeniedObjectAce,GetProcAddress,AddAuditAccessAceEx,GetProcAddress,AddAuditAccessObjectAce,GetProcAddress,SetSecurityDescriptorControl,InitializeCriticalSection,TlsAlloc,DeleteCriticalSection,TlsFree,2_2_00007FFE74D4DB00
Source: hSyJxPUUDx.exeStatic PE information: section name: _RDATA
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: .xdata
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /4
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /19
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /31
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /45
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /57
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /70
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /81
Source: libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll.0.drStatic PE information: section name: /92
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F055004 push rsp; retf 0_2_00007FF69F055005
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74DA4AEE push 6FFDC5D5h; iretd 2_2_00007FFE74DA4AF4
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74DA76D3 push 6FFDC5D5h; iretd 2_2_00007FFE74DA76D9
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74DA4640 push 60F5C5F1h; iretd 2_2_00007FFE74DA4648
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74DA7425 push 60F5C5F1h; iretd 2_2_00007FFE74DA742D
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74DA4FEA push 6FFDC5C3h; iretd 2_2_00007FFE74DA4FF0
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74DA79CF push 6FFDC5C3h; iretd 2_2_00007FFE74DA79D5
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74DA4F9E push 6FFDC5CAh; ret 2_2_00007FFE74DA4FA4
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74DA7983 push 6FFDC5CAh; ret 2_2_00007FFE74DA7989
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE7572161E push rdx; iretd 2_2_00007FFE75721621

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\hSyJxPUUDx.exeProcess created: "C:\Users\user\Desktop\hSyJxPUUDx.exe"
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_pcg64.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imaging.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\core\_multiarray_umath.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\win32\win32crypt.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_mt19937.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_x25519.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_sfc64.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\select.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\linalg\_umath_linalg.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_common.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingtk.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\pywin32_system32\pywintypes312.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingmath.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingcms.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\win32\win32pdh.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_philox.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\bit_generator.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\mtrand.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_generator.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\core\_multiarray_tests.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\fft\_pocketfft_internal.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_webp.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_bounded_integers.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA1.pydJump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: initial sample Icon embedded in binary file: icon matches a legit application icon: download (132).png
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F016EF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF69F016EF0
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_pcg64.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imaging.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\core\_multiarray_umath.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\win32\win32crypt.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_mt19937.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_x25519.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_sfc64.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\select.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\linalg\_umath_linalg.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_common.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingtk.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingmath.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingcms.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\win32\win32pdh.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_philox.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\bit_generator.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\mtrand.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_generator.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\core\_multiarray_tests.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\fft\_pocketfft_internal.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_webp.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random\_bounded_integers.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16354
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeAPI coverage: 0.0 %
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Caption FROM Win32_Processor
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F0188D0 FindFirstFileExW,FindClose,0_2_00007FF69F0188D0
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F027E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF69F027E4C
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F031EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF69F031EE4
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE7502BC60 _Py_NoneStruct,_PyArg_ParseTuple_SizeT,GetSystemInfo,VirtualAlloc,_Py_Dealloc,PyExc_MemoryError,PyErr_SetString,_PyObject_GC_New,PyExc_NotImplementedError,PyErr_Format,Py_FatalError,PyObject_GC_Track,PyExc_SystemError,PyErr_SetString,_Py_Dealloc,_Py_Dealloc,2_2_00007FFE7502BC60
Source: cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: hSyJxPUUDx.exe, 00000002.00000002.3573963922.000001F3596EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F01C57C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69F01C57C
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D4DB00 GetModuleHandleW,LoadLibraryW,GetProcAddress,AddAccessAllowedAce,GetProcAddress,AddAccessDeniedAce,GetProcAddress,AddAccessAllowedAceEx,GetProcAddress,AddMandatoryAce,GetProcAddress,AddAccessAllowedObjectAce,GetProcAddress,AddAccessDeniedAceEx,GetProcAddress,AddAccessDeniedObjectAce,GetProcAddress,AddAuditAccessAceEx,GetProcAddress,AddAuditAccessObjectAce,GetProcAddress,SetSecurityDescriptorControl,InitializeCriticalSection,TlsAlloc,DeleteCriticalSection,TlsFree,2_2_00007FFE74D4DB00
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F033AF0 GetProcessHeap,0_2_00007FF69F033AF0
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F01C760 SetUnhandledExceptionFilter,0_2_00007FF69F01C760
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F01C57C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69F01C57C
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F01BCE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF69F01BCE0
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F02ABD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69F02ABD8
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D34628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE74D34628
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D4F85C SetUnhandledExceptionFilter,2_2_00007FFE74D4F85C
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D4E55C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE74D4E55C
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D4F674 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE74D4F674
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D80554 SetUnhandledExceptionFilter,2_2_00007FFE74D80554
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D8036C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE74D8036C
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D7F768 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE74D7F768
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE7503BCC8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE7503BCC8
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE7503B360 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE7503B360
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE756D1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE756D1390
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE756D1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE756D1960
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE75853068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE75853068
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE75852AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE75852AA0
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78441390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE78441390
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78441960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE78441960
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78451390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE78451390
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78451960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE78451960
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78461390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE78461390
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78461960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE78461960
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78471390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE78471390
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78471960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE78471960
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78481390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE78481390
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE78481960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE78481960
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeProcess created: C:\Users\user\Desktop\hSyJxPUUDx.exe "C:\Users\user\Desktop\hSyJxPUUDx.exe"Jump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D47CD0 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,2_2_00007FFE74D47CD0
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 2_2_00007FFE74D48B50 _PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,_PyArg_ParseTuple_SizeT,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,2_2_00007FFE74D48B50
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeCode function: 0_2_00007FF69F039E40 cpuid 0_2_00007FF69F039E40
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Util VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\PIL VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\certifi VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\cryptography-41.0.7.dist-info VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\core VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\numpy\random VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\win32 VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_wmi.pyd VolumeInformation
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_asyncio.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\_overlapped.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\pyexpat.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI64402\psutil\_psutil_windows.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exeQueries volume information: C:\Users\user\Desktop\hSyJxPUUDx.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Code function: 0_2_00007FF69F01C460 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF69F01C460
Source: C:\Users\user\Desktop\hSyJxPUUDx.exe Code function: 0_2_00007FF69F036370 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF69F036370
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 24 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Install Root Certificate | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Source | Detection | Scanner | Label | Link
hSyJxPUUDx.exe | 5% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Math\_modexp.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\PublicKey\_x25519.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Util\_strxor.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imaging.cp312-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingcms.cp312-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingmath.cp312-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_imagingtk.cp312-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\PIL\_webp.cp312-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_asyncio.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_cffi_backend.cp312-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_ctypes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_multiprocessing.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_overlapped.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_sqlite3.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\_wmi.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI64402\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#r$Nrjr | 0% | Avira URL Cloud | safe |
https://busquedasxurl.com/probar/config.txtc | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
busquedasxurl.com | 82.180.136.22 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                            high
                                                                                                                                                            https://core.telegram.org/bots/api#setchattitlehSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://core.telegram.org/bots/api#videohSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35AD47000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.quovadisglobal.com/cps0hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf_generator.cp312-win_amd64.pyd.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://cryptography.io/en/latest/changelog/METADATA.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://core.telegram.org/bots/api#forumtopicclosedhSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BA80000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3577327957.000001F35BB4C000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://mail.python.org/mailman/listinfo/cryptography-devMETADATA.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://core.telegram.org/bots/api#inlinequeryresultarticlehSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://core.telegram.org/bots/api#getmehSyJxPUUDx.exe, 00000002.00000002.3577134395.000001F35B740000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://core.telegram.org/bots/api#chatphotohSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F35A078000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://core.telegram.org/bots/api#editmessagetexthSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbcahSyJxPUUDx.exe, 00000002.00000002.3575546482.000001F35A660000.00000004.00001000.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576830298.000001F35B300000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://github.com/pypa/setuptools/issues/1024.hSyJxPUUDx.exe, 00000002.00000002.3575265608.000001F35A340000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://core.telegram.org/bots/api#banchatsenderchathSyJxPUUDx.exe, 00000002.00000002.3574588610.000001F359F54000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://core.telegram.org/bots/api#labeledpricehSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://core.telegram.org/bots/api#webhookinfohSyJxPUUDx.exe, 00000002.00000002.3576384079.000001F35AE1C000.00000004.00000020.00020000.00000000.sdmp, hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://ocsp.accv.es0hSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://www.cert.fnmt.es/dpcs/orators:hSyJxPUUDx.exe, 00000002.00000002.3575965976.000001F35AB00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://core.telegram.org/bots/api#inlinequeryresultphotohSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://core.telegram.org/bots/api#chatmemberrestrictedhSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://core.telegram.org/bots/api#uploadstickerfilehSyJxPUUDx.exe, 00000002.00000002.3576069228.000001F35ABCE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://core.telegram.org/bots/api#createnewstickersethSyJxPUUDx.exe, 00000002.00000002.3576595255.000001F35AEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
82.180.136.22 | busquedasxurl.com | Denmark | | 29100 | BROADCOMDK | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1571340
Start date and time: 2024-12-09 09:56:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: hSyJxPUUDx.exe
renamed because original name is a hash value
Original Sample Name: 16818583c4ba879e690336aebce0c29befb05152dd1fe8925403a2ff1ec155c6.exe
Detection: MAL
Classification: mal56.winEXE@3/143@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: hSyJxPUUDx.exe
                                                                                                                                                                                                        No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
82.180.136.22 | okG6LaM2yP.exe | malicious | Python Stealer |
82.180.136.22 | IABrPTTzHo.exe | malicious | Unknown |
82.180.136.22 | d7rnBT699m.exe | malicious | Unknown |
82.180.136.22 | L5cZ63IH4a.exe | malicious | Python Stealer |
82.180.136.22 | 478y7Ve1JG.exe | malicious | Python Stealer |
82.180.136.22 | XYYgkNDBXR.exe | malicious | Unknown |
82.180.136.22 | 33sKdwH6im.exe | malicious | Python Stealer |
82.180.136.22 | KkgQY27Qqn.exe | malicious | Unknown |
82.180.136.22 | maniatelo.exe | malicious | Python Stealer |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
busquedasxurl.com | okG6LaM2yP.exe | malicious | Python Stealer | 82.180.136.22
busquedasxurl.com | IABrPTTzHo.exe | malicious | Unknown | 82.180.136.22
busquedasxurl.com | d7rnBT699m.exe | malicious | Unknown | 82.180.136.22
busquedasxurl.com | L5cZ63IH4a.exe | malicious | Python Stealer | 82.180.136.22
busquedasxurl.com | 478y7Ve1JG.exe | malicious | Python Stealer | 82.180.136.22
busquedasxurl.com | XYYgkNDBXR.exe | malicious | Unknown | 82.180.136.22
busquedasxurl.com | 33sKdwH6im.exe | malicious | Python Stealer | 82.180.136.22
busquedasxurl.com | KkgQY27Qqn.exe | malicious | Unknown | 82.180.136.22
busquedasxurl.com | maniatelo.exe | malicious | Python Stealer | 82.180.136.22
Match | Associated Sample Name / URL | Detection | Threat Name | Context
BROADCOMDK | okG6LaM2yP.exe | malicious | Python Stealer | 82.180.136.22
| IABrPTTzHo.exe | malicious | Unknown | 82.180.136.22
| d7rnBT699m.exe | malicious | Unknown | 82.180.136.22
| L5cZ63IH4a.exe | malicious | Python Stealer | 82.180.136.22
| 478y7Ve1JG.exe | malicious | Python Stealer | 82.180.136.22
| XYYgkNDBXR.exe | malicious | Unknown | 82.180.136.22
| 33sKdwH6im.exe | malicious | Python Stealer | 82.180.136.22
| KkgQY27Qqn.exe | malicious | Unknown | 82.180.136.22
| maniatelo.exe | malicious | Python Stealer | 82.180.136.22
| sora.mpsl.elf | malicious | Mirai | 212.99.242.24
                                                                                                                                                                                                                          No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\_MEI64402\Crypto\Cipher\_ARC4.pyd | ssPp3zvWwN.exe | malicious | Python Stealer
| okG6LaM2yP.exe | malicious | Python Stealer
| I6H1RkEHlX.exe | malicious | Python Stealer
| hKgrI6tqYx.exe | malicious | Python Stealer, Babadeda
| 33sKdwH6im.exe | malicious | Python Stealer
| r2PcRF79Mo.exe | malicious | Python Stealer
| KkgQY27Qqn.exe | malicious | Unknown
| back.ps1 | malicious | Unknown
| ChromeComboPack.exe | malicious | Python Stealer
| speedymaqing.exe | malicious | Python Stealer, Discord Token Stealer
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                                                                                              Entropy (8bit):4.703513333396807
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:nDzb9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDV90OcX6gY/7ECFV:Dzz9damqTrpYTst0E5DVPcqgY/79X
                                                                                                                                                                                                                                              MD5:6176101B7C377A32C01AE3EDB7FD4DE6
                                                                                                                                                                                                                                              SHA1:5F1CB443F9D677F313BEC07C5241AEAB57502F5E
                                                                                                                                                                                                                                              SHA-256:EFEA361311923189ECBE3240111EFBA329752D30457E0DBE9628A82905CD4BDB
                                                                                                                                                                                                                                              SHA-512:3E7373B71AE0834E96A99595CFEF2E96C0F5230429ADC0B5512F4089D1ED0D7F7F0E32A40584DFB13C41D257712A9C4E9722366F0A21B907798AE79D8CEDCF30
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Joe Sandbox View:
• Filename: ssPp3zvWwN.exe, Detection: malicious
• Filename: okG6LaM2yP.exe, Detection: malicious
• Filename: I6H1RkEHlX.exe, Detection: malicious
• Filename: hKgrI6tqYx.exe, Detection: malicious
• Filename: 33sKdwH6im.exe, Detection: malicious
• Filename: r2PcRF79Mo.exe, Detection: malicious
• Filename: KkgQY27Qqn.exe, Detection: malicious
• Filename: back.ps1, Detection: malicious
• Filename: ChromeComboPack.exe, Detection: malicious
• Filename: speedymaqing.exe, Detection: malicious
                                                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                                                              Entropy (8bit):4.968452734961967
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:JF3TgNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDqbwYH/kcX6gT:WF/1nb2mhQtkXHTeZ87VDqrMcqgYvEp
                                                                                                                                                                                                                                              MD5:371776A7E26BAEB3F75C93A8364C9AE0
                                                                                                                                                                                                                                              SHA1:BF60B2177171BA1C6B4351E6178529D4B082BDA9
                                                                                                                                                                                                                                              SHA-256:15257E96D1CA8480B8CB98F4C79B6E365FE38A1BA9638FC8C9AB7FFEA79C4762
                                                                                                                                                                                                                                              SHA-512:C23548FBCD1713C4D8348917FF2AB623C404FB0E9566AB93D147C62E06F51E63BDAA347F2D203FE4F046CE49943B38E3E9FA1433F6455C97379F2BC641AE7CE9
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                                              Entropy (8bit):5.061461040216793
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:ldF/1nb2mhQtkXn0t/WS60YYDEiqvdvGyv9lkVcqgYvEMo:v2f6XSZ6XYD6vdvGyv9MgYvEMo
                                                                                                                                                                                                                                              MD5:CB5238E2D4149636377F9A1E2AF6DC57
                                                                                                                                                                                                                                              SHA1:038253BABC9E652BA4A20116886209E2BCCF35AC
                                                                                                                                                                                                                                              SHA-256:A8D3BB9CD6A78EBDB4F18693E68B659080D08CB537F9630D279EC9F26772EFC7
                                                                                                                                                                                                                                              SHA-512:B1E6AB509CF1E5ECC6A60455D6900A76514F8DF43F3ABC3B8D36AF59A3DF8A868B489ED0B145D0D799AAC8672CBF5827C503F383D3F38069ABF6056ECCD87B21
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                                              Entropy (8bit):5.236167046748013
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:/siHXqpoUol3xZhRyQX5lDnRDFYav+tcqgRvE:h6D+XBDgDgRvE
                                                                                                                                                                                                                                              MD5:D9E7218460AEE693BEA07DA7C2B40177
                                                                                                                                                                                                                                              SHA1:9264D749748D8C98D35B27BEFE6247DA23FF103D
                                                                                                                                                                                                                                              SHA-256:38E423D3BCC32EE6730941B19B7D5D8872C0D30D3DD8F9AAE1442CB052C599AD
                                                                                                                                                                                                                                              SHA-512:DDB579E2DEA9D266254C0D9E23038274D9AE33F0756419FD53EC6DC1A27D1540828EE8F4AD421A5CFFD9B805F1A68F26E70BDC1BAB69834E8ACD6D7BB7BDB0DB
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):36352
                                                                                                                                                                                                                                              Entropy (8bit):6.558176937399355
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:Dz2P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuCLg46:DzeqWB7YJlmLJ3oD/S4j990th9VCsC
                                                                                                                                                                                                                                              MD5:F751792DF10CDEED391D361E82DAF596
                                                                                                                                                                                                                                              SHA1:3440738AF3C88A4255506B55A673398838B4CEAC
                                                                                                                                                                                                                                              SHA-256:9524D1DADCD2F2B0190C1B8EDE8E5199706F3D6C19D3FB005809ED4FEBF3E8B5
                                                                                                                                                                                                                                              SHA-512:6159F245418AB7AD897B02F1AADF1079608E533B9C75006EFAF24717917EAA159846EE5DFC0E85C6CFF8810319EFECBA80C1D51D1F115F00EC1AFF253E312C00
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):15872
                                                                                                                                                                                                                                              Entropy (8bit):5.285191078037458
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:wJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4jqccqgwYUMvEW:ikRwi3wO26Ef+yuIm9PfD7wgwYUMvE
                                                                                                                                                                                                                                              MD5:BBEA5FFAE18BF0B5679D5C5BCD762D5A
                                                                                                                                                                                                                                              SHA1:D7C2721795113370377A1C60E5CEF393473F0CC5
                                                                                                                                                                                                                                              SHA-256:1F4288A098DA3AAC2ADD54E83C8C9F2041EC895263F20576417A92E1E5B421C1
                                                                                                                                                                                                                                              SHA-512:0932EC5E69696D6DD559C30C19FC5A481BEFA38539013B9541D84499F2B6834A2FFE64A1008A1724E456FF15DDA6268B7B0AD8BA14918E2333567277B3716CC4
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                              Entropy (8bit):5.505471888568532
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:vd9VkyQ5f8vjVaCHpKpTTjaNe7oca2DW3Q2dhmdcqgwNeecBih:JkP5cjIGpKlqD2D4kzgwNeE
                                                                                                                                                                                                                                              MD5:D2175300E065347D13211F5BF7581602
                                                                                                                                                                                                                                              SHA1:3AE92C0B0ECDA1F6B240096A4E68D16D3DB1FFB0
                                                                                                                                                                                                                                              SHA-256:94556934E3F9EE73C77552D2F3FC369C02D62A4C9E7143E472F8E3EE8C00AEE1
                                                                                                                                                                                                                                              SHA-512:6156D744800206A431DEE418A1C561FFB45D726DC75467A91D26EE98503B280C6595CDEA02BDA6A023235BD010835EA1FC9CB843E9FEC3501980B47B6B490AF7
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):20992
                                                                                                                                                                                                                                              Entropy (8bit):6.06124024160806
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:bUv5cJMOZA0nmwBD+XpJgLa0Mp8Qpg4P2llyM:0K1XBD+DgLa1yTi
                                                                                                                                                                                                                                              MD5:45616B10ABE82D5BB18B9C3AB446E113
                                                                                                                                                                                                                                              SHA1:91B2C0B0F690AE3ABFD9B0B92A9EA6167049B818
                                                                                                                                                                                                                                              SHA-256:F348DB1843B8F38A23AEE09DD52FB50D3771361C0D529C9C9E142A251CC1D1EC
                                                                                                                                                                                                                                              SHA-512:ACEA8C1A3A1FA19034FD913C8BE93D5E273B7719D76CB71C36F510042918EA1D9B44AC84D849570F9508D635B4829D3E10C36A461EC63825BA178F5AC1DE85FB
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):25088
                                                                                                                                                                                                                                              Entropy (8bit):6.475467273446457
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:oc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy4IYgLWi:B6H1TZXX5XmrXA+NNxWiFdLWi
                                                                                                                                                                                                                                              MD5:CF3C2F35C37AA066FA06113839C8A857
                                                                                                                                                                                                                                              SHA1:39F3B0AEFB771D871A93681B780DA3BD85A6EDD0
                                                                                                                                                                                                                                              SHA-256:1261783F8881642C3466B96FA5879A492EA9E0DAB41284ED9E4A82E8BCF00C80
                                                                                                                                                                                                                                              SHA-512:1C36B80AAE49FD5E826E95D83297AE153FDB2BC652A47D853DF31449E99D5C29F42ED82671E2996AF60DCFB862EC5536BB0A68635D4E33D33F8901711C0C8BE6
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                                              Entropy (8bit):4.838534302892255
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:0F/1nb2mhQtkr+juOxKbDbnHcqgYvEkrK:u2f6iuOsbDtgYvEmK
                                                                                                                                                                                                                                              MD5:20708935FDD89B3EDDEEA27D4D0EA52A
                                                                                                                                                                                                                                              SHA1:85A9FE2C7C5D97FD02B47327E431D88A1DC865F7
                                                                                                                                                                                                                                              SHA-256:11DD1B49F70DB23617E84E08E709D4A9C86759D911A24EBDDFB91C414CC7F375
                                                                                                                                                                                                                                              SHA-512:F28C31B425DC38B5E9AD87B95E8071997E4A6F444608E57867016178CD0CA3E9F73A4B7F2A0A704E45F75B7DCFF54490510C6BF8461F3261F676E9294506D09B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                                              Entropy (8bit):4.9047185025862925
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:NRgPX8lvI+KnwSDTPUDEhKWPXcqgzQkvEd:2og9rUD9mpgzQkvE
                                                                                                                                                                                                                                              MD5:43BBE5D04460BD5847000804234321A6
                                                                                                                                                                                                                                              SHA1:3CAE8C4982BBD73AF26EB8C6413671425828DBB7
                                                                                                                                                                                                                                              SHA-256:FAA41385D0DB8D4EE2EE74EE540BC879CF2E884BEE87655FF3C89C8C517EED45
                                                                                                                                                                                                                                              SHA-512:DBC60F1D11D63BEBBAB3C742FB827EFBDE6DFF3C563AE1703892D5643D5906751DB3815B97CBFB7DA5FCD306017E4A1CDCC0CDD0E61ADF20E0816F9C88FE2C9B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                                              Entropy (8bit):5.300163691206422
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:j0J1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDrdkrRcqgUF6+6vEX:jM01si8XSi3SACqe7tDeDgUUjvE
                                                                                                                                                                                                                                              MD5:C6B20332B4814799E643BADFFD8DF2CD
                                                                                                                                                                                                                                              SHA1:E7DA1C1F09F6EC9A84AF0AB0616AFEA55A58E984
                                                                                                                                                                                                                                              SHA-256:61C7A532E108F67874EF2E17244358DF19158F6142680F5B21032BA4889AC5D8
                                                                                                                                                                                                                                              SHA-512:D50C7F67D2DFB268AD4CF18E16159604B6E8A50EA4F0C9137E26619FD7835FAAD323B5F6A2B8E3EC1C023E0678BCBE5D0F867CD711C5CD405BD207212228B2B4
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                                                                              Entropy (8bit):4.260220483695234
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:9XUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZNZY0JAIg+v:99HGHfJidSK
                                                                                                                                                                                                                                              MD5:0B538205388FDD99A043EE3AFAA074E4
                                                                                                                                                                                                                                              SHA1:E0DD9306F1DBE78F7F45A94834783E7E886EB70F
                                                                                                                                                                                                                                              SHA-256:C4769D3E6EB2A2FECB5DEC602D45D3E785C63BB96297268E3ED069CC4A019B1A
                                                                                                                                                                                                                                              SHA-512:2F4109E42DB7BC72EB50BCCC21EB200095312EA00763A255A38A4E35A77C04607E1DB7BB69A11E1D80532767B20BAA4860C05F52F32BF1C81FE61A7ECCEB35ED
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):58368
                                                                                                                                                                                                                                              Entropy (8bit):4.276870967324261
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:9jUqho9weF5/eHkRnYcZiGKdZHDL7idErZjZYXGg:9RCneH//id42
                                                                                                                                                                                                                                              MD5:6C3E976AB9F47825A5BD9F73E8DBA74E
                                                                                                                                                                                                                                              SHA1:4C6EB447FE8F195CF7F4B594CE7EAF928F52B23A
                                                                                                                                                                                                                                              SHA-256:238CDB6B8FB611DB4626E6D202E125E2C174C8F73AE8A3273B45A0FC18DEA70C
                                                                                                                                                                                                                                              SHA-512:B19516F00CC0484D9CDA82A482BBFE41635CDBBE19C13F1E63F033C9A68DD36798C44F04D6BD8BAE6523A845E852D81ACADD0D5DD86AF62CC9D081B803F8DF7B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                                                                                              Entropy (8bit):4.578113904149635
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:R0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwo2Pj15XkcX6gbW6z:DVddiT7pgTctEEI4qXDo11kcqgbW6
                                                                                                                                                                                                                                              MD5:FEE13D4FB947835DBB62ACA7EAFF44EF
                                                                                                                                                                                                                                              SHA1:7CC088AB68F90C563D1FE22D5E3C3F9E414EFC04
                                                                                                                                                                                                                                              SHA-256:3E0D07BBF93E0748B42B1C2550F48F0D81597486038C22548224584AE178A543
                                                                                                                                                                                                                                              SHA-512:DEA92F935BC710DF6866E89CC6EB5B53FC7ADF0F14F3D381B89D7869590A1B0B1F98F347664F7A19C6078E7AA3EB0F773FFCB711CC4275D0ECD54030D6CF5CB2
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):22016
                                                                                                                                                                                                                                              Entropy (8bit):6.143719741413071
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:IUv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Q90gYP2lXCM:BKR8I+K0lDFQgLa17zU
                                                                                                                                                                                                                                              MD5:76F88D89643B0E622263AF676A65A8B4
                                                                                                                                                                                                                                              SHA1:93A365060E98890E06D5C2D61EFBAD12F5D02E06
                                                                                                                                                                                                                                              SHA-256:605C86145B3018A5E751C6D61FD0F85CF4A9EBF2AD1F3009A4E68CF9F1A63E49
                                                                                                                                                                                                                                              SHA-512:979B97AAC01633C46C048010FA886EBB09CFDB5520E415F698616987AE850FD342A4210A8DC0FAC1E059599F253565862892171403F5E4F83754D02D2EF3F366
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):17920
                                                                                                                                                                                                                                              Entropy (8bit):5.353267174592179
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:7PHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8bg6Vf4A:hPcnB8KSsB34cb+bcOYpMCBDX
                                                                                                                                                                                                                                              MD5:D48BFFA1AF800F6969CFB356D3F75AA6
                                                                                                                                                                                                                                              SHA1:2A0D8968D74EBC879A17045EFE86C7FB5C54AEE6
                                                                                                                                                                                                                                              SHA-256:4AA5E9CE7A76B301766D3ECBB06D2E42C2F09D0743605A91BF83069FEFE3A4DE
                                                                                                                                                                                                                                              SHA-512:30D14AD8C68B043CC49EAFB460B69E83A15900CB68B4E0CBB379FF5BA260194965EF300EB715308E7211A743FF07FA7F8779E174368DCAA7F704E43068CC4858
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                                              Entropy (8bit):4.741247880746506
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:0F/1nb2mhQtkgU7L9D037tfcqgYvEJPb:u2f6L9DSJxgYvEJj
                                                                                                                                                                                                                                              MD5:4D9182783EF19411EBD9F1F864A2EF2F
                                                                                                                                                                                                                                              SHA1:DDC9F878B88E7B51B5F68A3F99A0857E362B0361
                                                                                                                                                                                                                                              SHA-256:C9F4C5FFCDD4F8814F8C07CE532A164AB699AE8CDE737DF02D6ECD7B5DD52DBD
                                                                                                                                                                                                                                              SHA-512:8F983984F0594C2CAC447E9D75B86D6EC08ED1C789958AFA835B0D1239FD4D7EBE16408D080E7FCE17C379954609A93FC730B11BE6F4A024E7D13D042B27F185
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                                              Entropy (8bit):5.212941287344097
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:2F/1nb2mhQtkRySMfJ2ycxFzShJD9bAal2QDeJKcqgQx2QY:M2fKRQB2j8JD2fJagQx2QY
                                                                                                                                                                                                                                              MD5:F4EDB3207E27D5F1ACBBB45AAFCB6D02
                                                                                                                                                                                                                                              SHA1:8EAB478CA441B8AD7130881B16E5FAD0B119D3F0
                                                                                                                                                                                                                                              SHA-256:3274F49BE39A996C5E5D27376F46A1039B6333665BB88AF1CA6D37550FA27B29
                                                                                                                                                                                                                                              SHA-512:7BDEBF9829CB26C010FCE1C69E7580191084BCDA3E2847581D0238AF1CAA87E68D44B052424FDC447434D971BB481047F8F2DA1B1DEF6B18684E79E63C6FBDC5
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                                                              Entropy (8bit):5.181291194389683
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:hF/1nb2mhQt7fSOp/CJPvADQHKtxSOvbcqgEvcM+:N2fNKOZWPIDnxVlgEvL
                                                                                                                                                                                                                                              MD5:9D28433EA8FFBFE0C2870FEDA025F519
                                                                                                                                                                                                                                              SHA1:4CC5CF74114D67934D346BB39CA76F01F7ACC3E2
                                                                                                                                                                                                                                              SHA-256:FC296145AE46A11C472F99C5BE317E77C840C2430FBB955CE3F913408A046284
                                                                                                                                                                                                                                              SHA-512:66B4D00100D4143EA72A3F603FB193AFA6FD4EFB5A74D0D17A206B5EF825E4CC5AF175F5FB5C40C022BDE676BA7A83087CB95C9F57E701CA4E7F0A2FCE76E599
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                                                              Entropy (8bit):5.140195114409974
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:RsiHXqpo0cUp8XnUp8XjEQnlDtJI6rcqgcx2:f6DcUp8XUp8AclDA69gcx2
                                                                                                                                                                                                                                              MD5:8A92EE2B0D15FFDCBEB7F275154E9286
                                                                                                                                                                                                                                              SHA1:FA9214C8BBF76A00777DFE177398B5F52C3D972D
                                                                                                                                                                                                                                              SHA-256:8326AE6AD197B5586222AFA581DF5FE0220A86A875A5E116CB3828E785FBF5C2
                                                                                                                                                                                                                                              SHA-512:7BA71C37AAF6CB10FC5C595D957EB2846032543626DE740B50D7CB954FF910DCF7CEAA56EB161BAB9CC1F663BADA6CA71973E6570BAC7D6DA4D4CC9ED7C6C3DA
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                                              Entropy (8bit):5.203867759982304
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:WsiHXqpwUiv6wPf+4WVrd1DFrCqwWwcqgfvE:s6biio2Pd1DFmlgfvE
                                                                                                                                                                                                                                              MD5:FE16E1D12CF400448E1BE3FCF2D7BB46
                                                                                                                                                                                                                                              SHA1:81D9F7A2C6540F17E11EFE3920481919965461BA
                                                                                                                                                                                                                                              SHA-256:ADE1735800D9E82B787482CCDB0FBFBA949E1751C2005DCAE43B0C9046FE096F
                                                                                                                                                                                                                                              SHA-512:A0463FF822796A6C6FF3ACEBC4C5F7BA28E7A81E06A3C3E46A0882F536D656D3F8BAF6FB748008E27F255FE0F61E85257626010543FC8A45A1E380206E48F07C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                                                              Entropy (8bit):5.478301937972917
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:hZ9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZkRsP0rcqgjPrvE:8Q0gH7zSccA5J6ECTGmDua89gjPrvE
                                                                                                                                                                                                                                              MD5:34EBB5D4A90B5A39C5E1D87F61AE96CB
                                                                                                                                                                                                                                              SHA1:25EE80CC1E647209F658AEBA5841F11F86F23C4E
                                                                                                                                                                                                                                              SHA-256:4FC70CB9280E414855DA2C7E0573096404031987C24CF60822854EAA3757C593
                                                                                                                                                                                                                                              SHA-512:82E27044FD53A7309ABAECA06C077A43EB075ADF1EF0898609F3D9F42396E0A1FA4FFD5A64D944705BBC1B1EBB8C2055D8A420807693CC5B70E88AB292DF81B7
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):18432
                                                                                                                                                                                                                                              Entropy (8bit):5.69608744353984
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:nkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+DSngkov:onx7RI26LuuHKz8+DbN
                                                                                                                                                                                                                                              MD5:42C2F4F520BA48779BD9D4B33CD586B9
                                                                                                                                                                                                                                              SHA1:9A1D6FFA30DCA5CE6D70EAC5014739E21A99F6D8
                                                                                                                                                                                                                                              SHA-256:2C6867E88C5D3A83D62692D24F29624063FCE57F600483BAD6A84684FF22F035
                                                                                                                                                                                                                                              SHA-512:1F0C18E1829A5BAE4A40C92BA7F8422D5FE8DBE582F7193ACEC4556B4E0593C898956065F398ACB34014542FCB3365DC6D4DA9CE15CB7C292C8A2F55FB48BB2B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):19456
                                                                                                                                                                                                                                              Entropy (8bit):5.7981108922569735
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:qPHNP3MjevhSY/8EBbVxcJ0ihTLdFDuPHgj+kf4D:sPcKvr/jUJ0sbDGAj+t
                                                                                                                                                                                                                                              MD5:AB0BCB36419EA87D827E770A080364F6
                                                                                                                                                                                                                                              SHA1:6D398F48338FB017AACD00AE188606EB9E99E830
                                                                                                                                                                                                                                              SHA-256:A927548ABEA335E6BCB4A9EE0A949749C9E4AA8F8AAD481CF63E3AC99B25A725
                                                                                                                                                                                                                                              SHA-512:3580FB949ACEE709836C36688457908C43860E68A36D3410F3FA9E17C6A66C1CDD7C081102468E4E92E5F42A0A802470E8F4D376DAA4ED7126818538E0BD0BC4
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):22016
                                                                                                                                                                                                                                              Entropy (8bit):5.865452719694432
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:y1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOcwgjxo:QjwyJUYToZwOLuzDNB1j
                                                                                                                                                                                                                                              MD5:C8FE3FF9C116DB211361FBB3EA092D33
                                                                                                                                                                                                                                              SHA1:180253462DD59C5132FBCCC8428DEA1980720D26
                                                                                                                                                                                                                                              SHA-256:25771E53CFECB5462C0D4F05F7CAE6A513A6843DB2D798D6937E39BA4B260765
                                                                                                                                                                                                                                              SHA-512:16826BF93C8FA33E0B5A2B088FB8852A2460E0A02D699922A39D8EB2A086E981B5ACA2B085F7A7DA21906017C81F4D196B425978A10F44402C5DB44B2BF4D00A
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):22016
                                                                                                                                                                                                                                              Entropy (8bit):5.867732744112887
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:51jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNIegjxo:rjwyJOYToZwOLuzDNI7j
                                                                                                                                                                                                                                              MD5:A442EA85E6F9627501D947BE3C48A9DD
                                                                                                                                                                                                                                              SHA1:D2DEC6E1BE3B221E8D4910546AD84FE7C88A524D
                                                                                                                                                                                                                                              SHA-256:3DBCB4D0070BE355E0406E6B6C3E4CE58647F06E8650E1AB056E1D538B52B3D3
                                                                                                                                                                                                                                              SHA-512:850A00C7069FFDBA1EFE1324405DA747D7BD3BA5D4E724D08A2450B5A5F15A69A0D3EAF67CEF943F624D52A4E2159A9F7BDAEAFDC6C689EACEA9987414250F3B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):27136
                                                                                                                                                                                                                                              Entropy (8bit):5.860044313282322
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:xFDL3RqE3MjjQ95UnLa+1WT1aA7qHofg5JptfISH2mDDXfgjVx2:jDLh98jjRe+1WT1aAeIfMzxH2mDDIj
                                                                                                                                                                                                                                              MD5:59BA0E05BE85F48688316EE4936421EA
                                                                                                                                                                                                                                              SHA1:1198893F5916E42143C0B0F85872338E4BE2DA06
                                                                                                                                                                                                                                              SHA-256:C181F30332F87FEECBF930538E5BDBCA09089A2833E8A088C3B9F3304B864968
                                                                                                                                                                                                                                              SHA-512:D772042D35248D25DB70324476021FB4303EF8A0F61C66E7DED490735A1CC367C2A05D7A4B11A2A68D7C34427971F96FF7658D880E946C31C17008B769E3B12F
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):27136
                                                                                                                                                                                                                                              Entropy (8bit):5.917025846093607
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:tFYLXRqEnMgj969GUnLa+1WT1aA7qHofg5JptfIS320DXwElrgjhig:PYLB9Mgj0e+1WT1aAeIfMzx320DXD+j
                                                                                                                                                                                                                                              MD5:8194D160FB215498A59F850DC5C9964C
                                                                                                                                                                                                                                              SHA1:D255E8CCBCE663EE5CFD3E1C35548D93BFBBFCC0
                                                                                                                                                                                                                                              SHA-256:55DEFCD528207D4006D54B656FD4798977BD1AAE6103D4D082A11E0EB6900B08
                                                                                                                                                                                                                                              SHA-512:969EEAA754519A58C352C24841852CF0E66C8A1ADBA9A50F6F659DC48C3000627503DDFB7522DA2DA48C301E439892DE9188BF94EEAF1AE211742E48204C5E42
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12800
                                                                                                                                                                                                                                              Entropy (8bit):4.999870226643325
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:DzFRF/1nb2mhQtk4axusjfkgZhoYDQgRjcqgQvEty:DzFd2f64axnTTz5D1gQvEty
                                                                                                                                                                                                                                              MD5:C89BECC2BECD40934FE78FCC0D74D941
                                                                                                                                                                                                                                              SHA1:D04680DF546E2D8A86F60F022544DB181F409C50
                                                                                                                                                                                                                                              SHA-256:E5B6E58D6DA8DB36B0673539F0C65C80B071A925D2246C42C54E9FCDD8CA08E3
                                                                                                                                                                                                                                              SHA-512:715B3F69933841BAADC1C30D616DB34E6959FD9257D65E31C39CD08C53AFA5653B0E87B41DCC3C5E73E57387A1E7E72C0A668578BD42D5561F4105055F02993C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                                                              Entropy (8bit):5.025153056783597
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:AF/1nb2mhQtks0iiNqdF4mtPjD02A5APYcqgYvEL2x:62f6fFA/4GjDFcgYvEL2x
                                                                                                                                                                                                                                              MD5:C4CC05D3132FDFB05089F42364FC74D2
                                                                                                                                                                                                                                              SHA1:DA7A1AE5D93839577BBD25952A1672C831BC4F29
                                                                                                                                                                                                                                              SHA-256:8F3D92DE840ABB5A46015A8FF618FF411C73009CBAA448AC268A5C619CF84721
                                                                                                                                                                                                                                              SHA-512:C597C70B7AF8E77BEEEBF10C32B34C37F25C741991581D67CF22E0778F262E463C0F64AA37F92FBC4415FE675673F3F92544E109E5032E488F185F1CFBC839FE
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                              Entropy (8bit):5.235115741550938
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:XTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gDhgvrjcqgCieT3WQ:XafgNpj9cHW3jqXeBRamDOZgCieT
                                                                                                                                                                                                                                              MD5:1E201DF4B4C8A8CD9DA1514C6C21D1C4
                                                                                                                                                                                                                                              SHA1:3DC8A9C20313AF189A3FFA51A2EAA1599586E1B2
                                                                                                                                                                                                                                              SHA-256:A428372185B72C90BE61AC45224133C4AF6AE6682C590B9A3968A757C0ABD6B4
                                                                                                                                                                                                                                              SHA-512:19232771D4EE3011938BA2A52FA8C32E00402055038B5EDF3DDB4C8691FA7AE751A1DC16766D777A41981B7C27B14E9C1AD6EBDA7FFE1B390205D0110546EE29
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                                                              Entropy (8bit):5.133714807569085
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:JZNGXEgvUh43G6coX2SSwmPL4V7wTdDlpaY2cqgWjvE:EVMhuGGF2L4STdDyYWgWjvE
                                                                                                                                                                                                                                              MD5:76C84B62982843367C5F5D41B550825F
                                                                                                                                                                                                                                              SHA1:B6DE9B9BD0E2C84398EA89365E9F6D744836E03A
                                                                                                                                                                                                                                              SHA-256:EBCD946F1C432F93F396498A05BF07CC77EE8A74CE9C1A283BF9E23CA8618A4C
                                                                                                                                                                                                                                              SHA-512:03F8BB1D0D63BF26D8A6FFF62E94B85FFB4EA1857EB216A4DEB71C806CDE107BA0F9CC7017E3779489C5CEF5F0838EDB1D70F710BCDEB629364FC288794E6AFE
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):35840
                                                                                                                                                                                                                                              Entropy (8bit):5.928082706906375
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:8bEkzS7+k9rMUb8cOe9rs9ja+V/Mhjh56GS:8bEP779rMtcOCs0I/Mhf
                                                                                                                                                                                                                                              MD5:B41160CF884B9E846B890E0645730834
                                                                                                                                                                                                                                              SHA1:A0F35613839A0F8F4A87506CD59200CCC3C09237
                                                                                                                                                                                                                                              SHA-256:48F296CCACE3878DE1148074510BD8D554A120CAFEF2D52C847E05EF7664FFC6
                                                                                                                                                                                                                                              SHA-512:F4D57351A627DD379D56C80DA035195292264F49DC94E597AA6638DF5F4CF69601F72CC64FC3C29C5CBE95D72326395C5C6F4938B7895C69A8D839654CFC8F26
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                                              Entropy (8bit):4.799063285091512
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:nkCfXASTMeAk4OepIXcADp/X6RcqgO5vE:ZJMcPepIXcAD563gO5vE
                                                                                                                                                                                                                                              MD5:BA46602B59FCF8B01ABB135F1534D618
                                                                                                                                                                                                                                              SHA1:EFF5608E05639A17B08DCA5F9317E138BEF347B5
                                                                                                                                                                                                                                              SHA-256:B1BAB0E04AC60D1E7917621B03A8C72D1ED1F0251334E9FA12A8A1AC1F516529
                                                                                                                                                                                                                                              SHA-512:A5E2771623DA697D8EA2E3212FBDDE4E19B4A12982A689D42B351B244EFBA7EFA158E2ED1A2B5BC426A6F143E7DB810BA5542017AB09B5912B3ECC091F705C6E
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):754688
                                                                                                                                                                                                                                              Entropy (8bit):7.624959985050181
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:I1UrmZ9HoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h9:gYmzHoxJFf1p34hcrn5Go9yQO6L
                                                                                                                                                                                                                                              MD5:3F20627FDED2CF90E366B48EDF031178
                                                                                                                                                                                                                                              SHA1:00CED7CD274EFB217975457906625B1B1DA9EBDF
                                                                                                                                                                                                                                              SHA-256:E36242855879D71AC57FBD42BB4AE29C6D80B056F57B18CEE0B6B1C0E8D2CF57
                                                                                                                                                                                                                                              SHA-512:05DE7C74592B925BB6D37528FC59452C152E0DCFC1D390EA1C48C057403A419E5BE40330B2C5D5657FEA91E05F6B96470DDDF9D84FF05B9FD4192F73D460093C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):27648
                                                                                                                                                                                                                                              Entropy (8bit):5.792654050660321
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:hBwi/rOF26VZW1n0n/Is42g9qhrnW0mvPauYhz35sWJftjb1Ddsia15gkbQ0e1:/L/g28Ufsxg9GmvPauYLxtX1D/kf
                                                                                                                                                                                                                                              MD5:290D936C1E0544B6EC98F031C8C2E9A3
                                                                                                                                                                                                                                              SHA1:CAEEA607F2D9352DD605B6A5B13A0C0CB1EA26EC
                                                                                                                                                                                                                                              SHA-256:8B00C859E36CBCE3EC19F18FA35E3A29B79DE54DA6030AAAD220AD766EDCDF0A
                                                                                                                                                                                                                                              SHA-512:F08B67B633D3A3F57F1183950390A35BF73B384855EAAB3AE895101FBC07BCC4990886F8DE657635AD528D6C861BC2793999857472A5307FFAA963AA6685D7E8
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):67072
                                                                                                                                                                                                                                              Entropy (8bit):6.060461288575063
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:nqctkGACFI5t35q2JbL0UbkrwwOoKXyMH1B7M9rMdccdWxRLpq:nqctkGACFI5t35q2JbgrwwOoqLTM9rMh
                                                                                                                                                                                                                                              MD5:5782081B2A6F0A3C6B200869B89C7F7D
                                                                                                                                                                                                                                              SHA1:0D4E113FB52FE1923FE05CDF2AB9A4A9ABEFC42E
                                                                                                                                                                                                                                              SHA-256:E72E06C721DD617140EDEBADD866A91CF97F7215CBB732ECBEEA42C208931F49
                                                                                                                                                                                                                                              SHA-512:F7FD695E093EDE26FCFD0EE45ADB49D841538EB9DAAE5B0812F29F0C942FB13762E352C2255F5DB8911F10FA1B6749755B51AAE1C43D8DF06F1D10DE5E603706
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                                                                                              Entropy (8bit):4.488437566846231
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:tpVVdJvbrqTu6ZdpvY0IluLfcC75JiC4cs89EfqADwhDTAbcX6gn/7EC:5VddiT7pgTctdErDwDTicqgn/7
                                                                                                                                                                                                                                              MD5:289EBF8B1A4F3A12614CFA1399250D3A
                                                                                                                                                                                                                                              SHA1:66C05F77D814424B9509DD828111D93BC9FA9811
                                                                                                                                                                                                                                              SHA-256:79AC6F73C71CA8FDA442A42A116A34C62802F0F7E17729182899327971CFEB23
                                                                                                                                                                                                                                              SHA-512:4B95A210C9A4539332E2FB894D7DE4E1B34894876CCD06EEC5B0FC6F6E47DE75C0E298CF2F3B5832C9E028861A53B8C8E8A172A3BE3EC29A2C9E346642412138
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                                              Entropy (8bit):4.730605326965181
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:MJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGrbMZYJWJcX6gbW6s:CVddiT7pgTctEEaEDKDlMCWJcqgbW6
                                                                                                                                                                                                                                              MD5:4D9C33AE53B38A9494B6FBFA3491149E
                                                                                                                                                                                                                                              SHA1:1A069E277B7E90A3AB0DCDEE1FE244632C9C3BE4
                                                                                                                                                                                                                                              SHA-256:0828CAD4D742D97888D3DFCE59E82369317847651BBA0F166023CB8ACA790B2B
                                                                                                                                                                                                                                              SHA-512:BDFBF29198A0C7ED69204BF9E9B6174EBB9E3BEE297DD1EB8EB9EA6D7CAF1CC5E076F7B44893E58CCF3D0958F5E3BDEE12BD090714BEB5889836EE6F12F0F49E
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                                              Entropy (8bit):4.685843290341897
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:6ZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DHWMoG4BcX6gbW6O:IVddiT7pgTctEEO3DLoHcqgbW6
                                                                                                                                                                                                                                              MD5:8F4313755F65509357E281744941BD36
                                                                                                                                                                                                                                              SHA1:2AAF3F89E56EC6731B2A5FA40A2FE69B751EAFC0
                                                                                                                                                                                                                                              SHA-256:70D90DDF87A9608699BE6BBEDF89AD469632FD0ADC20A69DA07618596D443639
                                                                                                                                                                                                                                              SHA-512:FED2B1007E31D73F18605FB164FEE5B46034155AB5BB7FE9B255241CFA75FF0E39749200EB47A9AB1380D9F36F51AFBA45490979AB7D112F4D673A0C67899EF4
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):2582528
                                                                                                                                                                                                                                              Entropy (8bit):6.457978211619077
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:49152:ahLabo89HhLGC4BmK7y9VnuEILrLrLrL6mV6i:XJlK7yg
                                                                                                                                                                                                                                              MD5:0376776F076CD4F4AC15EC4D813C5470
                                                                                                                                                                                                                                              SHA1:381F84735A11ACE4673D8BE53138E652D4415413
                                                                                                                                                                                                                                              SHA-256:A7DDF4D7CAB08676BB88A42059353C5374600901B3AB880E17EE1A0D0150C380
                                                                                                                                                                                                                                              SHA-512:06D68B9E5DAF90D05855BF2C57B6110BFC2F20F4731B023B5AAA39145FD3AB66525D39988B8516731045AD16A89EB0457487DD080AEB347BA24A2E47ECE98BBD
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):262144
                                                                                                                                                                                                                                              Entropy (8bit):6.291831001741347
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:gQG8+hL4/nOYRI7O0hdlnLg9uP1+74/LgHmPr9qvZqhLaHLTLrLfqeqwL1dQ5hz0:gQG8z/shdlnLg9uP1+74/LgHmPr9qvZr
                                                                                                                                                                                                                                              MD5:48F7F14636DA0BC081A34ACBFE30D77D
                                                                                                                                                                                                                                              SHA1:E38B1F4E6F42219CC2D31D7EAF4FD49A8AD36D69
                                                                                                                                                                                                                                              SHA-256:3C2CEDEBABB5748F78FBA56634FD49CDAAD02C18D808D7E2B4F50E2800C7930F
                                                                                                                                                                                                                                              SHA-512:7C077CB4727E5879598D0DDACF4507806C66980C8E312F2A3861BC6448D5802F99F01535E9C2ECDF78F700DB78B3F03BC3989E81F28A57398F4AD8E9E1FDA7F3
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                                                              Entropy (8bit):5.547840685902378
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:WuwU58R4Pp/4TsXlCr8AN+I6iYLz9IKVxgyJ+X9:Hp8Rs4TWCr8vHH97V6P9
                                                                                                                                                                                                                                              MD5:8F67156CE61C7DE23E19F9445C8BA504
                                                                                                                                                                                                                                              SHA1:B9E344FE41B3FC77CE0012930B7ED9AF47EB500C
                                                                                                                                                                                                                                              SHA-256:8287A2A551BD99B5D55E18E461FEDB3704B74B0FB60F1E0881C792F90A18CE46
                                                                                                                                                                                                                                              SHA-512:F70F24CEF7475547F5B29D1AE6DB7BD1DE6D1AA906E21705E40ED5C18F4F059CE9BB14DFD353776EFC08B985881A102DEA1948632EDCCACF76CC72D126651EB0
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                                              Entropy (8bit):4.947735133076573
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:Eq/Ztwurp+xOkpDds0KpbQoSM8WEumw/vE9FWckgTJ5:NZLaDFKpcoSIk9OgT
                                                                                                                                                                                                                                              MD5:7E912D07A39E16BB25CF32B7153515C8
                                                                                                                                                                                                                                              SHA1:60B2020DA661C6526FB09BCBCA6456520480BCAD
                                                                                                                                                                                                                                              SHA-256:D1E5D023821A9C38967FFAA9BDBF4DDE998A3A6BC37942CA334A13E55A1FC711
                                                                                                                                                                                                                                              SHA-512:EB47383DF193573AE5788023ACE576199F8BB0506406A95A26CD3CA688D0AF66E3E24EB13A9811B08932B81603848E70660BBD6806222C09749BFC0858A668E9
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):534528
                                                                                                                                                                                                                                              Entropy (8bit):6.582425403943618
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:HsQIgnVCZh4nbXy8mAC1tQzLrLrLrLWmE5Gx0Hs/JJY:Hs4wwnbXBzLrLrLrLWmE60Hs/J+
                                                                                                                                                                                                                                              MD5:12D05951F8004E24EEAA0E45D587FE8E
                                                                                                                                                                                                                                              SHA1:CB42E43B3E55A18F765657BD436A566BA73747A3
                                                                                                                                                                                                                                              SHA-256:D96B196126A033F1D7832E29CEE44928683FAB00242E812815FF95FFFED1AF54
                                                                                                                                                                                                                                              SHA-512:3622C6E537096CCA34A6097E2BF8DE7477DC8B1333360B57F1DC0665147746A837F0B82EBAD06A8304B363F85E140FEFBDA2353D74B024208FF4124844029C47
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):119192
                                                                                                                                                                                                                                              Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                              MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                              SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                              SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                              SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):49528
                                                                                                                                                                                                                                              Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                              MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                              SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                              SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                              SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):71448
                                                                                                                                                                                                                                              Entropy (8bit):6.247581706260346
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:rRaPPkDN3nkiP6djtX5IkTIL1yUvGJtIAOnT7SyqWx5:9anmN3nkikjV5IkTIL1yUuJtIAOnTgi
                                                                                                                                                                                                                                              MD5:209CBCB4E1A16AA39466A6119322343C
                                                                                                                                                                                                                                              SHA1:CDCCE6B64EBF11FECFF739CBC57E7A98D6620801
                                                                                                                                                                                                                                              SHA-256:F7069734D5174F54E89B88D717133BFF6A41B01E57F79957AB3F02DAA583F9E2
                                                                                                                                                                                                                                              SHA-512:5BBC4EDE01729E628260CF39DF5809624EAE795FD7D51A1ED770ED54663955674593A97B78F66DBF6AE268186273840806ED06D6F7877444D32FDCA031A9F0DA
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):84760
                                                                                                                                                                                                                                              Entropy (8bit):6.5874715807724025
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:RS7z7Sj2u5in5IVfC83zYxzbdK87kW1IACVw7SyrxX:I7z+jum3MJdN7kW1IACVwX
                                                                                                                                                                                                                                              MD5:59D60A559C23202BEB622021AF29E8A9
                                                                                                                                                                                                                                              SHA1:A405F23916833F1B882F37BDBBA2DD799F93EA32
                                                                                                                                                                                                                                              SHA-256:706D4A0C26DD454538926CBB2FF6C64257C3D9BD48C956F7CABD6DEF36FFD13E
                                                                                                                                                                                                                                              SHA-512:2F60E79603CF456B2A14B8254CEC75CE8BE0A28D55A874D4FB23D92D63BBE781ED823AB0F4D13A23DC60C4DF505CBF1DBE1A0A2049B02E4BDEC8D374898002B1
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):182784
                                                                                                                                                                                                                                              Entropy (8bit):6.193615170968096
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                                                              MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                                                              SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                                                              SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                                                              SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):125208
                                                                                                                                                                                                                                              Entropy (8bit):6.128664719423826
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:DGR936Xz4mHFK0K+bRFOoP+Szlf/EZZBKYyucV6rOoZIALPEA:qQHLK+bvvPNhf/Ei6CoX
                                                                                                                                                                                                                                              MD5:2A834C3738742D45C0A06D40221CC588
                                                                                                                                                                                                                                              SHA1:606705A593631D6767467FB38F9300D7CD04AB3E
                                                                                                                                                                                                                                              SHA-256:F20DFA748B878751EA1C4FE77A230D65212720652B99C4E5577BCE461BBD9089
                                                                                                                                                                                                                                              SHA-512:924235A506CE4D635FA7C2B34E5D8E77EFF73F963E58E29C6EF89DB157BF7BAB587678BB2120D09DA70594926D82D87DBAA5D247E861E331CF591D45EA19A117
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):252696
                                                                                                                                                                                                                                              Entropy (8bit):6.564448148079112
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:Agvd9YyMipyD41q8xDiw9qWM53pLW1AQRRRrBoZtcr3:AQ8yryD47hix4orcr3
                                                                                                                                                                                                                                              MD5:F930B7550574446A015BC602D59B0948
                                                                                                                                                                                                                                              SHA1:4EE6FF8019C6C540525BDD2790FC76385CDD6186
                                                                                                                                                                                                                                              SHA-256:3B9AD1D2BC9EC03D37DA86135853DAC73B3FE851B164FE52265564A81EB8C544
                                                                                                                                                                                                                                              SHA-512:10B864975945D6504433554F9FF11B47218CAA00F809C6BCE00F9E4089B862190A4219F659697A4BA5E5C21EDBE1D8D325950921E09371ACC4410469BD9189EE
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):65816
                                                                                                                                                                                                                                              Entropy (8bit):6.242741772115205
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:MElYij3wz91lBafLEmIRhtIAOIW7SybpxC:hYZBaTEmghtIAOIWE
                                                                                                                                                                                                                                              MD5:B0262BD89A59A3699BFA75C4DCC3EE06
                                                                                                                                                                                                                                              SHA1:EB658849C646A26572DEA7F6BFC042CB62FB49DC
                                                                                                                                                                                                                                              SHA-256:4ADFBBD6366D9B55D902FC54D2B42E7C8C989A83016ED707BD7A302FC3FC7B67
                                                                                                                                                                                                                                              SHA-512:2E4B214DE3B306E3A16124AF434FF8F5AB832AA3EEB1AA0AA9B49B0ADA0928DCBB05C57909292FBE3B01126F4CD3FE0DAC9CC15EAEA5F3844D6E267865B9F7B1
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):159512
                                                                                                                                                                                                                                              Entropy (8bit):6.846323229710623
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:Fik7me1FFD+znfF9mNo+Mu6tmxzE41IAZ1Ak:FikSiUNYO+J1E4b
                                                                                                                                                                                                                                              MD5:B71DBE0F137FFBDA6C3A89D5BCBF1017
                                                                                                                                                                                                                                              SHA1:A2E2BDC40FDB83CC625C5B5E8A336CA3F0C29C5F
                                                                                                                                                                                                                                              SHA-256:6216173194B29875E84963CD4DC4752F7CA9493F5B1FD7E4130CA0E411C8AC6A
                                                                                                                                                                                                                                              SHA-512:9A5C7B1E25D8E1B5738F01AEDFD468C1837F1AC8DD4A5B1D24CE86DCAE0DB1C5B20F2FF4280960BC523AEE70B71DB54FD515047CDAF10D21A8BEC3EBD6663358
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):35096
                                                                                                                                                                                                                                              Entropy (8bit):6.461229529356597
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:OgYvrenSE0PXxxQ0zi+mdIAWtd5YiSyviCAMxkEj:vYTQShxQ0zlmdIAWtD7SyKAxv
                                                                                                                                                                                                                                              MD5:4CCBD87D76AF221F24221530F5F035D1
                                                                                                                                                                                                                                              SHA1:D02B989AAAC7657E8B3A70A6EE7758A0B258851B
                                                                                                                                                                                                                                              SHA-256:C7BBCFE2511FD1B71B916A22AD6537D60948FFA7BDE207FEFABEE84EF53CAFB5
                                                                                                                                                                                                                                              SHA-512:34D808ADAC96A66CA434D209F2F151A9640B359B8419DC51BA24477E485685AF10C4596A398A85269E8F03F0FC533645907D7D854733750A35BF6C691DE37799
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):55576
                                                                                                                                                                                                                                              Entropy (8bit):6.342203411267264
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:wXRnts3McbN6w/xzWssXZdR1r3RIAXtI7SyNxQ:IRvcsXZdR1rRIAXtI6
                                                                                                                                                                                                                                              MD5:61193E813A61A545E2D366439C1EE22A
                                                                                                                                                                                                                                              SHA1:F404447B0D9BFF49A7431C41653633C501986D60
                                                                                                                                                                                                                                              SHA-256:C21B50A7BF9DBE1A0768F5030CAC378D58705A9FE1F08D953129332BEB0FBEFC
                                                                                                                                                                                                                                              SHA-512:747E4D5EA1BDF8C1E808579498834E1C24641D434546BFFDFCF326E0DE8D5814504623A3D3729168B0098824C2B8929AFC339674B0D923388B9DAC66F5D9D996
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):32536
                                                                                                                                                                                                                                              Entropy (8bit):6.4674944702653665
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:0k+cae6rjp5MoNOfZIAQUM5YiSyvjAMxkEKu:5vSjgoNOfZIAQU27SyLxv
                                                                                                                                                                                                                                              MD5:F3ECA4F0B2C6C17ACE348E06042981A4
                                                                                                                                                                                                                                              SHA1:EB694DDA8FF2FE4CCAE876DC0515A8EFEC40E20E
                                                                                                                                                                                                                                              SHA-256:FB57EE6ADF6E7B11451B6920DDD2FB943DCD9561C9EAE64FDDA27C7ED0BC1B04
                                                                                                                                                                                                                                              SHA-512:604593460666045CA48F63D4B14FA250F9C4B9E5C7E228CC9202E7692C125AACB0018B89FAA562A4197692A9BC3D2382F9E085B305272EE0A39264A2A0F53B75
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):83224
                                                                                                                                                                                                                                              Entropy (8bit):6.338326324626716
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:MUuhDLiJfz76Xl+1ly+uCt9/s+S+pzcHS58/n1IsJHfsZIALwqw7Syraxi:MU6DL4fHdy+uCt9/sT+pzuSQ1IwHfsZS
                                                                                                                                                                                                                                              MD5:9C6283CC17F9D86106B706EC4EA77356
                                                                                                                                                                                                                                              SHA1:AF4F2F52CE6122F340E5EA1F021F98B1FFD6D5B6
                                                                                                                                                                                                                                              SHA-256:5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027
                                                                                                                                                                                                                                              SHA-512:11FD6F570DD78F8FF00BE645E47472A96DAFFA3253E8BD29183BCCDE3F0746F7E436A106E9A68C57CC05B80A112365441D06CC719D51C906703B428A32C93124
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):124696
                                                                                                                                                                                                                                              Entropy (8bit):6.266006891462829
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:9PfqZRAWgyjwzCO4w5y3DUfUK8PtIAOQMo:oAWgKw2C5iSUv1
                                                                                                                                                                                                                                              MD5:506B13DD3D5892B16857E3E3B8A95AFB
                                                                                                                                                                                                                                              SHA1:42E654B36F1C79000084599D49B862E4E23D75FF
                                                                                                                                                                                                                                              SHA-256:04F645A32B0C58760CC6C71D09224FE90E50409EF5C81D69C85D151DFE65AFF9
                                                                                                                                                                                                                                              SHA-512:A94F0E9F2212E0B89EB0B5C64598B18AF71B59E1297F0F6475FA4674AE56780B1E586B5EB952C8C9FEBAD38C28AFD784273BBF56645DB2C405AFAE6F472FB65C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):177432
                                                                                                                                                                                                                                              Entropy (8bit):5.976892131161338
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:1CRW4ljuyKK8vZktW5No6XfJN54eNWXvM4VRJNI7IM/cbP7RHs3FJZ1IAC7+y:1mfEyKKaZo6XfJ2MSV+JZW
                                                                                                                                                                                                                                              MD5:DDB21BD1ACDE4264754C49842DE7EBC9
                                                                                                                                                                                                                                              SHA1:80252D0E35568E68DED68242D76F2A5D7E00001E
                                                                                                                                                                                                                                              SHA-256:72BB15CD8C14BA008A52D23CDCFC851A9A4BDE13DEEE302A5667C8AD60F94A57
                                                                                                                                                                                                                                              SHA-512:464520ECD1587F5CEDE6219FAAC2C903EE41D0E920BF3C9C270A544B040169DCD17A4E27F6826F480D4021077AB39A6CBBD35EBB3D71672EBB412023BC9E182A
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):36632
                                                                                                                                                                                                                                              Entropy (8bit):6.357254511176439
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:6cxnHG7MYGQd0hHdzA77yeu1IACis5YiSyvoAMxkE9:6cxnm7M6dAHdzA77yeu1IACiW7Sy+xx
                                                                                                                                                                                                                                              MD5:C1654EBEBFEEDA425EADE8B77CA96DE5
                                                                                                                                                                                                                                              SHA1:A4A150F1C810077B6E762F689C657227CC4FD257
                                                                                                                                                                                                                                              SHA-256:AA1443A715FBF84A84F39BD89707271FC11A77B597D7324CE86FC5CFA56A63A9
                                                                                                                                                                                                                                              SHA-512:21705B991E75EFD5E59B8431A3B19AE5FCC38A3E7F137A9D52ACD24E7F67D61758E48ABC1C9C0D4314FA02010A1886C15EAD5BCA8DCA1B1D4CCBFC3C589D342E
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.608323768366966
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:KFOWWthWzWf9BvVVWQ4mWqyVT/gqnajKsrCS81:uZWthWeN01IlGsrCt
                                                                                                                                                                                                                                              MD5:07EBE4D5CEF3301CCF07430F4C3E32D8
                                                                                                                                                                                                                                              SHA1:3B878B2B2720915773F16DBA6D493DAB0680AC5F
                                                                                                                                                                                                                                              SHA-256:8F8B79150E850ACC92FD6AAB614F6E3759BEA875134A62087D5DD65581E3001F
                                                                                                                                                                                                                                              SHA-512:6C7E4DF62EBAE9934B698F231CF51F54743CF3303CD758573D00F872B8ECC2AF1F556B094503AAE91100189C0D0A93EAF1B7CAFEC677F384A1D7B4FDA2EEE598
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11736
                                                                                                                                                                                                                                              Entropy (8bit):6.6074868843808785
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:PUWthW6Wf9BvVVWQ4SWZifvXqnajJ6HNbLet:MWthW3NhXll6HZm
                                                                                                                                                                                                                                              MD5:557405C47613DE66B111D0E2B01F2FDB
                                                                                                                                                                                                                                              SHA1:DE116ED5DE1FFAA900732709E5E4EEF921EAD63C
                                                                                                                                                                                                                                              SHA-256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
                                                                                                                                                                                                                                              SHA-512:C2B326F555B2B7ACB7849402AC85922880105857C616EF98F7FB4BBBDC2CD7F2AF010F4A747875646FCC272AB8AA4CE290B6E09A9896CE1587E638502BD4BEFB
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11728
                                                                                                                                                                                                                                              Entropy (8bit):6.622854484071805
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:tlWthWFWf9BvVVWQ4mWIzWLiP+CjAWqnajKsNb7:/WthWANnWLiP+CcWlGsNb7
                                                                                                                                                                                                                                              MD5:624401F31A706B1AE2245EB19264DC7F
                                                                                                                                                                                                                                              SHA1:8D9DEF3750C18DDFC044D5568E3406D5D0FB9285
                                                                                                                                                                                                                                              SHA-256:58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
                                                                                                                                                                                                                                              SHA-512:3353734B556D6EEBC57734827450CE3B34D010E0C033E95A6E60800C0FDA79A1958EBF9053F12054026525D95D24EEC541633186F00F162475CEC19F07A0D817
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11728
                                                                                                                                                                                                                                              Entropy (8bit):6.670771733256744
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:1mxD3+HWthWiWf9BvVVWQ4WWuhD7DiqnajKswz3:19HWthWfN/GlGswz3
                                                                                                                                                                                                                                              MD5:2DB5666D3600A4ABCE86BE0099C6B881
                                                                                                                                                                                                                                              SHA1:63D5DDA4CEC0076884BC678C691BDD2A4FA1D906
                                                                                                                                                                                                                                              SHA-256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
                                                                                                                                                                                                                                              SHA-512:7C6E1E022DB4217A85A4012C8E4DAEE0A0F987E4FBA8A4C952424EF28E250BAC38B088C242D72B4641157B7CC882161AEFA177765A2E23AFCDC627188A084345
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):15328
                                                                                                                                                                                                                                              Entropy (8bit):6.561472518225768
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:RaNYPvVX8rFTsoWthWgWf9BvVVWQ4SWfMaPOoI80Hy5qnajslBE87QyX:HPvVXqWthWlN2WlslEE87Qw
                                                                                                                                                                                                                                              MD5:0F7D418C05128246AFA335A1FB400CB9
                                                                                                                                                                                                                                              SHA1:F6313E371ED5A1DFFE35815CC5D25981184D0368
                                                                                                                                                                                                                                              SHA-256:5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
                                                                                                                                                                                                                                              SHA-512:7555D9D3311C8622DF6782748C2186A3738C4807FC58DF2F75E539729FC4069DB23739F391950303F12E0D25DF9F065B4C52E13B2EBB6D417CA4C12CFDECA631
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11728
                                                                                                                                                                                                                                              Entropy (8bit):6.638884356866373
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:jlWaWthWAWf9BvVVWQ4WWloprVP+CjAWqnajKsNWqL:jIaWthWFNxtVP+CcWlGsNxL
                                                                                                                                                                                                                                              MD5:5A72A803DF2B425D5AAFF21F0F064011
                                                                                                                                                                                                                                              SHA1:4B31963D981C07A7AB2A0D1A706067C539C55EC5
                                                                                                                                                                                                                                              SHA-256:629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
                                                                                                                                                                                                                                              SHA-512:BF44997C405C2BA80100EB0F2FF7304938FC69E4D7AE3EAC52B3C236C3188E80C9F18BDA226B5F4FDE0112320E74C198AD985F9FFD7CEA99ACA22980C39C7F69
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11744
                                                                                                                                                                                                                                              Entropy (8bit):6.744400973311854
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:imdzvQzEWthWwMVDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3r:v3WthWyWf9BvVVWQ4SWVVFJqqnajW2y
                                                                                                                                                                                                                                              MD5:721B60B85094851C06D572F0BD5D88CD
                                                                                                                                                                                                                                              SHA1:4D0EE4D717AEB9C35DA8621A545D3E2B9F19B4E7
                                                                                                                                                                                                                                              SHA-256:DAC867476CAA42FF8DF8F5DFE869FFD56A18DADEE17D47889AFB69ED6519AFBF
                                                                                                                                                                                                                                              SHA-512:430A91FCECDE4C8CC4AC7EB9B4C6619243AB244EE88C34C9E93CA918E54BD42B08ACA8EA4475D4C0F5FA95241E4AACB3206CBAE863E92D15528C8E7C9F45601B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11736
                                                                                                                                                                                                                                              Entropy (8bit):6.638488013343178
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:frWthWFWf9BvVVWQ4SWNOfvXqnajJ6H4WJ:frWthWANRXll6H4WJ
                                                                                                                                                                                                                                              MD5:D1DF480505F2D23C0B5C53DF2E0E2A1A
                                                                                                                                                                                                                                              SHA1:207DB9568AFD273E864B05C87282987E7E81D0BA
                                                                                                                                                                                                                                              SHA-256:0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
                                                                                                                                                                                                                                              SHA-512:F14239420F5DD84A15FF5FCA2FAD81D0AA9280C566FA581122A018E10EBDF308AC0BF1D3FCFC08634C1058C395C767130C5ABCA55540295C68DF24FFD931CA0A
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12256
                                                                                                                                                                                                                                              Entropy (8bit):6.588267640761022
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:txlkWthW2Wf9BvVVWQ4SWBBBuUgxfzfqnaj0OTWv:txlkWthW7NkIrloFv
                                                                                                                                                                                                                                              MD5:73433EBFC9A47ED16EA544DDD308EAF8
                                                                                                                                                                                                                                              SHA1:AC1DA1378DD79762C6619C9A63FD1EBE4D360C6F
                                                                                                                                                                                                                                              SHA-256:C43075B1D2386A8A262DE628C93A65350E52EAE82582B27F879708364B978E29
                                                                                                                                                                                                                                              SHA-512:1C28CC0D3D02D4C308A86E9D0BC2DA88333DFA8C92305EC706F3E389F7BB6D15053040AFD1C4F0AA3383F3549495343A537D09FE882DB6ED12B7507115E5A263
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11728
                                                                                                                                                                                                                                              Entropy (8bit):6.678828474114903
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:4TWthWckWf9BvVVWQ4mWQAyUD7DiqnajKswzjdg:4TWthWcRNqGlGswzji
                                                                                                                                                                                                                                              MD5:7C7B61FFA29209B13D2506418746780B
                                                                                                                                                                                                                                              SHA1:08F3A819B5229734D98D58291BE4BFA0BEC8F761
                                                                                                                                                                                                                                              SHA-256:C23FE8D5C3CA89189D11EC8DF983CC144D168CB54D9EAB5D9532767BCB2F1FA3
                                                                                                                                                                                                                                              SHA-512:6E5E3485D980E7E2824665CBFE4F1619B3E61CE3BCBF103979532E2B1C3D22C89F65BCFBDDBB5FE88CDDD096F8FD72D498E8EE35C3C2307BACECC6DEBBC1C97F
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12752
                                                                                                                                                                                                                                              Entropy (8bit):6.602852377056617
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:Us13vuBL3B5LoWthW7Wf9BvVVWQ4mWgB7OQP+CjAWqnajKsN9arO:Us13vuBL3B2WthWmNVXP+CcWlGsN9P
                                                                                                                                                                                                                                              MD5:6D0550D3A64BD3FD1D1B739133EFB133
                                                                                                                                                                                                                                              SHA1:C7596FDE7EA1C676F0CC679CED8BA810D15A4AFE
                                                                                                                                                                                                                                              SHA-256:F320F9C0463DE641B396CE7561AF995DE32211E144407828B117088CF289DF91
                                                                                                                                                                                                                                              SHA-512:5DA9D490EF54A1129C94CE51349399B9012FC0D4B575AE6C9F1BAFCFCF7F65266F797C539489F882D4AD924C94428B72F5137009A851ECB541FE7FB9DE12FEB2
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):14800
                                                                                                                                                                                                                                              Entropy (8bit):6.528059454770997
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:On2OMw3zdp3bwjGfue9/0jCRrndbZWWthWdNHhfVlGsSH:/OMwBprwjGfue9/0jCRrndbLEKv
                                                                                                                                                                                                                                              MD5:1ED0B196AB58EDB58FCF84E1739C63CE
                                                                                                                                                                                                                                              SHA1:AC7D6C77629BDEE1DF7E380CC9559E09D51D75B7
                                                                                                                                                                                                                                              SHA-256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
                                                                                                                                                                                                                                              SHA-512:E1FA7F14F39C97AAA3104F3E13098626B5F7CFD665BA52DCB2312A329639AAF5083A9177E4686D11C4213E28ACC40E2C027988074B6CC13C5016D5C5E9EF897B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.659218747104705
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:2E+tWthWvWf9BvVVWQ4mWxHD7DiqnajKswzGIAf:T+tWthWiNcGlGswzLAf
                                                                                                                                                                                                                                              MD5:721BAEA26A27134792C5CCC613F212B2
                                                                                                                                                                                                                                              SHA1:2A27DCD2436DF656A8264A949D9CE00EAB4E35E8
                                                                                                                                                                                                                                              SHA-256:5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
                                                                                                                                                                                                                                              SHA-512:9FD6058407AA95058ED2FDA9D391B7A35FA99395EC719B83C5116E91C9B448A6D853ECC731D0BDF448D1436382EECC1FA9101F73FA242D826CC13C4FD881D9BD
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11728
                                                                                                                                                                                                                                              Entropy (8bit):6.739082809754283
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:vdWthW8Wf9BvVVWQ4mWG2P+CjAWqnajKsNt:lWthWJNUP+CcWlGsNt
                                                                                                                                                                                                                                              MD5:B3F887142F40CB176B59E58458F8C46D
                                                                                                                                                                                                                                              SHA1:A05948ABA6F58EB99BBAC54FA3ED0338D40CBFAD
                                                                                                                                                                                                                                              SHA-256:8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
                                                                                                                                                                                                                                              SHA-512:7B762319EC58E3FCB84B215AE142699B766FA9D5A26E1A727572EE6ED4F5D19C859EFB568C0268846B4AA5506422D6DD9B4854DA2C9B419BFEC754F547203F7E
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12752
                                                                                                                                                                                                                                              Entropy (8bit):6.601112204637961
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:GFPWthW5Wf9BvVVWQ4mWc0ZD7DiqnajKswzczr:GFPWthWsNiGlGswzq
                                                                                                                                                                                                                                              MD5:89F35CB1212A1FD8FBE960795C92D6E8
                                                                                                                                                                                                                                              SHA1:061AE273A75324885DD098EE1FF4246A97E1E60C
                                                                                                                                                                                                                                              SHA-256:058EB7CE88C22D2FF7D3E61E6593CA4E3D6DF449F984BF251D9432665E1517D1
                                                                                                                                                                                                                                              SHA-512:F9E81F1FEAB1535128B16E9FF389BD3DAAAB8D1DABF64270F9E563BE9D370C023DE5D5306DD0DE6D27A5A099E7C073D17499442F058EC1D20B9D37F56BCFE6D2
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):14288
                                                                                                                                                                                                                                              Entropy (8bit):6.521808801015781
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:/uUk1Jzb9cKcIzWthWzaWf9BvVVWQ4mWmrcLUVT/gqnajKsrCOV:/bk1JzBcKcIzWthWzXNz1IlGsrCOV
                                                                                                                                                                                                                                              MD5:0C933A4B3C2FCF1F805EDD849428C732
                                                                                                                                                                                                                                              SHA1:B8B19318DBB1D2B7D262527ABD1468D099DE3FB6
                                                                                                                                                                                                                                              SHA-256:A5B733E3DCE21AB62BD4010F151B3578C6F1246DA4A96D51AC60817865648DD3
                                                                                                                                                                                                                                              SHA-512:B25ED54345A5B14E06AA9DADD07B465C14C23225023D7225E04FBD8A439E184A7D43AB40DF80E3F8A3C0F2D5C7A79B402DDC6B9093D0D798E612F4406284E39D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.671157737548847
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:7oDfIeVWthWZWf9BvVVWQ4mWaHvP+CjAWqnajKsNZ:7oDfIeVWthWMNVP+CcWlGsNZ
                                                                                                                                                                                                                                              MD5:7E8B61D27A9D04E28D4DAE0BFA0902ED
                                                                                                                                                                                                                                              SHA1:861A7B31022915F26FB49C79AC357C65782C9F4B
                                                                                                                                                                                                                                              SHA-256:1EF06C600C451E66E744B2CA356B7F4B7B88BA2F52EC7795858D21525848AC8C
                                                                                                                                                                                                                                              SHA-512:1C5B35026937B45BEB76CB8D79334A306342C57A8E36CC15D633458582FC8F7D9AB70ACE7A92144288C6C017F33ECFC20477A04432619B40A21C9CDA8D249F6D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11728
                                                                                                                                                                                                                                              Entropy (8bit):6.599056003106114
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:gR7WthWTVWf9BvVVWQ4mWg2a5P+CjAWqnajKsNQbWl:gVWthWkN/P+CcWlGsNMg
                                                                                                                                                                                                                                              MD5:8D12FFD920314B71F2C32614CC124FEC
                                                                                                                                                                                                                                              SHA1:251A98F2C75C2E25FFD0580F90657A3EA7895F30
                                                                                                                                                                                                                                              SHA-256:E63550608DD58040304EA85367E9E0722038BA8E7DC7BF9D91C4D84F0EC65887
                                                                                                                                                                                                                                              SHA-512:5084C739D7DE465A9A78BCDBB8A3BD063B84A68DCFD3C9EF1BFA224C1CC06580E2A2523FD4696CFC48E9FD068A2C44DBC794DD9BDB43DC74B4E854C82ECD3EA5
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.602527553095181
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:zGeVfcWthW+Wf9BvVVWQ4mWMiSID7DiqnajKswz5g:zGeVfcWthWjN6SIGlGswza
                                                                                                                                                                                                                                              MD5:9FA3FC24186D912B0694A572847D6D74
                                                                                                                                                                                                                                              SHA1:93184E00CBDDACAB7F2AD78447D0EAC1B764114D
                                                                                                                                                                                                                                              SHA-256:91508AB353B90B30FF2551020E9755D7AB0E860308F16C2F6417DFB2E9A75014
                                                                                                                                                                                                                                              SHA-512:95AD31C9082F57EA57F5B4C605331FCAD62735A1862AFB01EF8A67FEA4E450154C1AE0C411CF3AC5B9CD35741F8100409CC1910F69C1B2D807D252389812F594
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11728
                                                                                                                                                                                                                                              Entropy (8bit):6.6806369134652055
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:qyMv0WthWPWf9BvVVWQ4mWIv/r+YVqnajKsSF:qyMv0WthWCNBfVlGsSF
                                                                                                                                                                                                                                              MD5:C9CBAD5632D4D42A1BC25CCFA8833601
                                                                                                                                                                                                                                              SHA1:09F37353A89F1BFE49F7508559DA2922B8EFEB05
                                                                                                                                                                                                                                              SHA-256:F3A7A9C98EBE915B1B57C16E27FFFD4DDF31A82F0F21C06FE292878E48F5883E
                                                                                                                                                                                                                                              SHA-512:2412E0AFFDC6DB069DE7BD9666B7BAA1CD76AA8D976C9649A4C2F1FFCE27F8269C9B02DA5FD486EC86B54231B1A5EBF6A1C72790815B7C253FEE1F211086892F
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13776
                                                                                                                                                                                                                                              Entropy (8bit):6.573983778839785
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:miwidv3V0dfpkXc0vVauzIWthWLN3fVlGsStY:nHdv3VqpkXc0vVaKbiYlY
                                                                                                                                                                                                                                              MD5:4CCDE2D1681217E282996E27F3D9ED2E
                                                                                                                                                                                                                                              SHA1:8EDA134B0294ED35E4BBAC4911DA620301A3F34D
                                                                                                                                                                                                                                              SHA-256:D6708D1254ED88A948871771D6D1296945E1AA3AEB7E33E16CC378F396C61045
                                                                                                                                                                                                                                              SHA-512:93FE6AE9A947AC88CC5ED78996E555700340E110D12B2651F11956DB7CEE66322C269717D31FCCB31744F4C572A455B156B368F08B70EDA9EFFEC6DE01DBAB23
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.7137872023984055
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:TtZ3KjWthWzWf9BvVVWQ4mWXU0P+CjAWqnajKsN2v:TtZ3KjWthWeNwP+CcWlGsNa
                                                                                                                                                                                                                                              MD5:E86CFC5E1147C25972A5EEFED7BE989F
                                                                                                                                                                                                                                              SHA1:0075091C0B1F2809393C5B8B5921586BDD389B29
                                                                                                                                                                                                                                              SHA-256:72C639D1AFDA32A65143BCBE016FE5D8B46D17924F5F5190EB04EFE954C1199A
                                                                                                                                                                                                                                              SHA-512:EA58A8D5AA587B7F5BDE74B4D394921902412617100ED161A7E0BEF6B3C91C5DAE657065EA7805A152DD76992997017E070F5415EF120812B0D61A401AA8C110
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12768
                                                                                                                                                                                                                                              Entropy (8bit):6.614330511483598
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:vgdKIMFYJWthW2Wf9BvVVWQ4SW2zZ7uUgxfzfqnaj0OGWh:0hJWthW7NBzIrloYh
                                                                                                                                                                                                                                              MD5:206ADCB409A1C9A026F7AFDFC2933202
                                                                                                                                                                                                                                              SHA1:BB67E1232A536A4D1AE63370BD1A9B5431335E77
                                                                                                                                                                                                                                              SHA-256:76D8E4ED946DEEFEEFA0D0012C276F0B61F3D1C84AF00533F4931546CBB2F99E
                                                                                                                                                                                                                                              SHA-512:727AA0C4CD1A0B7E2AFFDCED5DA3A0E898E9BAE3C731FF804406AD13864CEE2B27E5BAAC653BAB9A0D2D961489915D4FCAD18557D4383ECB0A066902276955A7
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.704366348384627
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:Ha2WthWKOWf9BvVVWQ4mWNOrVT/gqnajKsrCkb:Ha2WthWKTNz1IlGsrCo
                                                                                                                                                                                                                                              MD5:91A2AE3C4EB79CF748E15A58108409AD
                                                                                                                                                                                                                                              SHA1:D402B9DF99723EA26A141BFC640D78EAF0B0111B
                                                                                                                                                                                                                                              SHA-256:B0EDA99EABD32FEFECC478FD9FE7439A3F646A864FDAB4EC3C1F18574B5F8B34
                                                                                                                                                                                                                                              SHA-512:8527AF610C1E2101B6F336A142B1A85AC9C19BB3AF4AD4A245CFB6FD602DC185DA0F7803358067099475102F3A8F10A834DC75B56D3E6DED2ED833C00AD217ED
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11728
                                                                                                                                                                                                                                              Entropy (8bit):6.623077637622405
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:jWthWYWf9BvVVWQ4mWd8l1P+CjAWqnajKsNeCw:jWthW9NnP+CcWlGsNex
                                                                                                                                                                                                                                              MD5:1E4C4C8E643DE249401E954488744997
                                                                                                                                                                                                                                              SHA1:DB1C4C0FC907100F204B21474E8CD2DB0135BC61
                                                                                                                                                                                                                                              SHA-256:F28A8FE2CD7E8E00B6D2EC273C16DB6E6EEA9B6B16F7F69887154B6228AF981E
                                                                                                                                                                                                                                              SHA-512:EF8411FD321C0E363C2E5742312CC566E616D4B0A65EFF4FB6F1B22FDBEA3410E1D75B99E889939FF70AD4629C84CEDC88F6794896428C5F0355143443FDC3A3
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12752
                                                                                                                                                                                                                                              Entropy (8bit):6.643812426159955
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:fSWthWvWf9BvVVWQ4mWFl5P+CjAWqnajKsNifl:aWthWiN+5P+CcWlGsNiN
                                                                                                                                                                                                                                              MD5:FA770BCD70208A479BDE8086D02C22DA
                                                                                                                                                                                                                                              SHA1:28EE5F3CE3732A55CA60AEE781212F117C6F3B26
                                                                                                                                                                                                                                              SHA-256:E677497C1BAEFFFB33A17D22A99B76B7FA7AE7A0C84E12FDA27D9BE5C3D104CF
                                                                                                                                                                                                                                              SHA-512:F8D81E350CEBDBA5AFB579A072BAD7986691E9F3D4C9FEBCA8756B807301782EE6EB5BA16B045CFA29B6E4F4696E0554C718D36D4E64431F46D1E4B1F42DC2B8
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):15824
                                                                                                                                                                                                                                              Entropy (8bit):6.438848882089563
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:yjQ/w8u4cyNWthWYWf9BvVVWQ4mWhu1BVT/gqnajKsrC74m:8yNWthW9Np1IlGsrCEm
                                                                                                                                                                                                                                              MD5:4EC4790281017E616AF632DA1DC624E1
                                                                                                                                                                                                                                              SHA1:342B15C5D3E34AB4AC0B9904B95D0D5B074447B7
                                                                                                                                                                                                                                              SHA-256:5CF5BBB861608131B5F560CBF34A3292C80886B7C75357ACC779E0BF98E16639
                                                                                                                                                                                                                                              SHA-512:80C4E20D37EFF29C7577B2D0ED67539A9C2C228EDB48AB05D72648A6ED38F5FF537715C130342BEB0E3EF16EB11179B9B484303354A026BDA3A86D5414D24E69
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.6061629057490245
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:vWOPWthWAWf9BvVVWQ4mWWbgftmP+CjAWqnajKsNURPblh:BWthWFN+f8P+CcWlGsNURzv
                                                                                                                                                                                                                                              MD5:7A859E91FDCF78A584AC93AA85371BC9
                                                                                                                                                                                                                                              SHA1:1FA9D9CAD7CC26808E697373C1F5F32AAF59D6B7
                                                                                                                                                                                                                                              SHA-256:B7EE468F5B6C650DADA7DB3AD9E115A0E97135B3DF095C3220DFD22BA277B607
                                                                                                                                                                                                                                              SHA-512:A368F21ECA765AFCA86E03D59CF953500770F4A5BFF8B86B2AC53F1B5174C627E061CE9A1F781DC56506774E0D0B09725E9698D4DC2D3A59E93DA7EF3D900887
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13776
                                                                                                                                                                                                                                              Entropy (8bit):6.65347762698107
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:WxSnWlC0i5ClWthWTWf9BvVVWQ4mW+hkKVT/gqnajKsrCw/:WxSnWm5ClWthW+NkK1IlGsrCY
                                                                                                                                                                                                                                              MD5:972544ADE7E32BFDEB28B39BC734CDEE
                                                                                                                                                                                                                                              SHA1:87816F4AFABBDEC0EC2CFEB417748398505C5AA9
                                                                                                                                                                                                                                              SHA-256:7102F8D9D0F3F689129D7FE071B234077FBA4DD3687071D1E2AEAA137B123F86
                                                                                                                                                                                                                                              SHA-512:5E1131B405E0C7A255B1C51073AFF99E2D5C0D28FD3E55CABC04D463758A575A954008EA1BA5B4E2B345B49AF448B93AD21DFC4A01573B3CB6E7256D9ECCEEF1
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12752
                                                                                                                                                                                                                                              Entropy (8bit):6.58394079658593
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:YFY17aFBRQWthWIWf9BvVVWQ4mWHhOP+CjAWqnajKsNngJ:YQtWthWNNdP+CcWlGsNI
                                                                                                                                                                                                                                              MD5:8906279245F7385B189A6B0B67DF2D7C
                                                                                                                                                                                                                                              SHA1:FCF03D9043A2DAAFE8E28DEE0B130513677227E4
                                                                                                                                                                                                                                              SHA-256:F5183B8D7462C01031992267FE85680AB9C5B279BEDC0B25AB219F7C2184766F
                                                                                                                                                                                                                                              SHA-512:67CAC89AE58CC715976107F3BDF279B1E78945AFD07E6F657E076D78E92EE1A98E3E7B8FEAE295AF5CE35E00C804F3F53A890895BADB1EED32377D85C21672B9
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.696904963591775
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:m8qWthWLWf9BvVVWQ4WWLXlyBZr+YVqnajKsS1:mlWthWWN0uZfVlGsS1
                                                                                                                                                                                                                                              MD5:DD8176E132EEDEA3322443046AC35CA2
                                                                                                                                                                                                                                              SHA1:D13587C7CC52B2C6FBCAA548C8ED2C771A260769
                                                                                                                                                                                                                                              SHA-256:2EB96422375F1A7B687115B132A4005D2E7D3D5DC091FB0EB22A6471E712848E
                                                                                                                                                                                                                                              SHA-512:77CB8C44C8CC8DD29997FBA4424407579AC91176482DB3CF7BC37E1F9F6AA4C4F5BA14862D2F3A9C05D1FDD7CA5A043B5F566BD0E9A9E1ED837DA9C11803B253
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):20944
                                                                                                                                                                                                                                              Entropy (8bit):6.216554714002396
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:rQM4Oe59Ckb1hgmLRWthW0N0JBJ1IlGsrC5W:sMq59Bb1jYNABHJc
                                                                                                                                                                                                                                              MD5:A6A3D6D11D623E16866F38185853FACD
                                                                                                                                                                                                                                              SHA1:FBEADD1E9016908ECCE5753DE1D435D6FCF3D0B5
                                                                                                                                                                                                                                              SHA-256:A768339F0B03674735404248A039EC8591FCBA6FF61A3C6812414537BADD23B0
                                                                                                                                                                                                                                              SHA-512:ABBF32CEB35E5EC6C1562F9F3B2652B96B7DBD97BFC08D918F987C0EC0503E8390DD697476B2A2389F0172CD8CF16029FD2EC5F32A9BA3688BF2EBEEFB081B2C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):64464
                                                                                                                                                                                                                                              Entropy (8bit):5.537611266681503
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:2PMeDe5c4bFe2JyhcvxXWpD7d3334BkZn+Ppzh:2DDe5c4bFe2JyhcvxXWpD7d3334BkZnU
                                                                                                                                                                                                                                              MD5:D76E7AAECB3D1CA9948C31BDAE52EB9D
                                                                                                                                                                                                                                              SHA1:142A2BB0084FAA2A25D0028846921545F09D9AE9
                                                                                                                                                                                                                                              SHA-256:785C49FD9F99C6EB636D78887AA186233E9304921DD835DEE8F72E2609FF65C4
                                                                                                                                                                                                                                              SHA-512:52DA403286659CF201C72FA0AB3C506ADE86C7E2FEF679F35876A5CEC4AEE97AFBC5BB13A259C51EFB8706F6AE7F5A6A3800176B89F424B6A4E9F3D5B8289620
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12752
                                                                                                                                                                                                                                              Entropy (8bit):6.604643094751227
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:uFdyqjd7NWthWxWf9BvVVWQ4mW+JZD7DiqnajKswzR1:YQsWthWkNfZGlGswzR1
                                                                                                                                                                                                                                              MD5:074B81A625FB68159431BB556D28FAB5
                                                                                                                                                                                                                                              SHA1:20F8EAD66D548CFA861BC366BB1250CED165BE24
                                                                                                                                                                                                                                              SHA-256:3AF38920E767BD9EBC08F88EAF2D08C748A267C7EC60EAB41C49B3F282A4CF65
                                                                                                                                                                                                                                              SHA-512:36388C3EFFA0D94CF626DECAA1DA427801CC5607A2106ABDADF92252C6F6FD2CE5BF0802F5D0A4245A1FFDB4481464C99D60510CF95E83EBAF17BD3D6ACBC3DC
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):16336
                                                                                                                                                                                                                                              Entropy (8bit):6.449023660091811
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:eUW9MPrpJhhf4AN5/KihWthWBWf9BvVVWQ4mWRXwsD7DiqnajKswzK:eUZr7HWthWUNkGlGswzK
                                                                                                                                                                                                                                              MD5:F1A23C251FCBB7041496352EC9BCFFBE
                                                                                                                                                                                                                                              SHA1:BE4A00642EC82465BC7B3D0CC07D4E8DF72094E8
                                                                                                                                                                                                                                              SHA-256:D899C2F061952B3B97AB9CDBCA2450290B0F005909DDD243ED0F4C511D32C198
                                                                                                                                                                                                                                              SHA-512:31F8C5CD3B6E153073E2E2EDF0CA8072D0F787784F1611A57219349C1D57D6798A3ADBD6942B0F16CEF781634DD8691A5EC0B506DF21B24CB70AEE5523A03FD9
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):17872
                                                                                                                                                                                                                                              Entropy (8bit):6.3934828478655685
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:hA2uWYFxEpahDWthWDWf9BvVVWQ4mWR3ir+YVqnajKsSO:hIFVhDWthWONlfVlGsSO
                                                                                                                                                                                                                                              MD5:55B2EB7F17F82B2096E94BCA9D2DB901
                                                                                                                                                                                                                                              SHA1:44D85F1B1134EE7A609165E9C142188C0F0B17E0
                                                                                                                                                                                                                                              SHA-256:F9D3F380023A4C45E74170FE69B32BCA506EE1E1FBE670D965D5B50C616DA0CB
                                                                                                                                                                                                                                              SHA-512:0CF0770F5965A83F546253DECFA967D8F85C340B5F6EA220D3CAA14245F3CDB37C53BF8D3DA6C35297B22A3FA88E7621202634F6B3649D7D9C166A221D3456A5
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):18384
                                                                                                                                                                                                                                              Entropy (8bit):6.279474608881223
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:jvEvevdv8vPozmVx0C5yguNvZ5VQgx3SbwA7yMVIkFGlPWthWXNjqujGlGswz7:2ozmT5yguNvZ5VQgx3SbwA71IkFFaJft
                                                                                                                                                                                                                                              MD5:9B79965F06FD756A5EFDE11E8D373108
                                                                                                                                                                                                                                              SHA1:3B9DE8BF6B912F19F7742AD34A875CBE2B5FFA50
                                                                                                                                                                                                                                              SHA-256:1A916C0DB285DEB02C0B9DF4D08DAD5EA95700A6A812EA067BD637A91101A9F6
                                                                                                                                                                                                                                              SHA-512:7D4155C00D65C3554E90575178A80D20DC7C80D543C4B5C4C3F508F0811482515638FE513E291B82F958B4D7A63C9876BE4E368557B07FF062961197ED4286FB
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):14288
                                                                                                                                                                                                                                              Entropy (8bit):6.547753630184197
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:ENDCWthWHWf9BvVVWQ4mWG5xqcVT/gqnajKsrC/V:TWthW6N/xqc1IlGsrC/V
                                                                                                                                                                                                                                              MD5:1D48A3189A55B632798F0E859628B0FB
                                                                                                                                                                                                                                              SHA1:61569A8E4F37ADC353986D83EFC90DC043CDC673
                                                                                                                                                                                                                                              SHA-256:B56BC94E8539603DD2F0FEA2F25EFD17966315067442507DB4BFFAFCBC2955B0
                                                                                                                                                                                                                                              SHA-512:47F329102B703BFBB1EBAEB5203D1C8404A0C912019193C93D150A95BB0C5BA8DC101AC56D3283285F9F91239FC64A66A5357AFE428A919B0BE7194BADA1F64F
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):12240
                                                                                                                                                                                                                                              Entropy (8bit):6.686357863452704
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:ZjfHQdufWthWCWf9BvVVWQ4mWMlUteSP+CjAWqnajKsN0c:ZfZWthW/Nd4P+CcWlGsN0c
                                                                                                                                                                                                                                              MD5:DBC27D384679916BA76316FB5E972EA6
                                                                                                                                                                                                                                              SHA1:FB9F021F2220C852F6FF4EA94E8577368F0616A4
                                                                                                                                                                                                                                              SHA-256:DD14133ADF5C534539298422F6C4B52739F80ACA8C5A85CA8C966DEA9964CEB1
                                                                                                                                                                                                                                              SHA-512:CC0D8C56749CCB9D007B6D3F5C4A8F1D4E368BB81446EBCD7CC7B40399BBD56D0ACABA588CA172ECB7472A8CBDDBD4C366FFA38094A832F6D7E343B813BA565E
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1332263
                                                                                                                                                                                                                                              Entropy (8bit):5.5864676354018465
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjHgkVHdmmPnHz1dG6sF7aYceM:uttcY+UHCiCAd+cqHdmmPHzvwaYceM
                                                                                                                                                                                                                                              MD5:630153AC2B37B16B8C5B0DBB69A3B9D6
                                                                                                                                                                                                                                              SHA1:F901CD701FE081489B45D18157B4A15C83943D9D
                                                                                                                                                                                                                                              SHA-256:EC4E6B8E9F6F1F4B525AF72D3A6827807C7A81978CB03DB5767028EBEA283BE2
                                                                                                                                                                                                                                              SHA-512:7E3A434C8DF80D32E66036D831CBD6661641C0898BD0838A07038B460261BF25B72A626DEF06D0FAA692CAF64412CA699B1FA7A848FE9D969756E097CBA39E41
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):290282
                                                                                                                                                                                                                                              Entropy (8bit):6.048183244201235
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:QW1H/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5Np:QWN/TRJLWURrI55MWavdF0L
                                                                                                                                                                                                                                              MD5:302B49C5F476C0AE35571430BB2E4AA0
                                                                                                                                                                                                                                              SHA1:35A7837A3F1B960807BF46B1C95EC22792262846
                                                                                                                                                                                                                                              SHA-256:CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
                                                                                                                                                                                                                                              SHA-512:1345AF52984B570B1FF223032575FEB36CDFB4F38E75E0BD3B998BC46E9C646F7AC5C583D23A70460219299B9C04875EF672BF5A0D614618731DF9B7A5637D0A
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                                                                                              Entropy (8bit):4.674392865869017
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                                                                                                              MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                                                                                                              SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                                                                                                              SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                                                                                                              SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):122880
                                                                                                                                                                                                                                              Entropy (8bit):5.917175475547778
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                                                              MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                                                              SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                                                              SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                                                              SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):197
                                                                                                                                                                                                                                              Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                              MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                              SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                              SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                              SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11360
                                                                                                                                                                                                                                              Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                              MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                              SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                              SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                              SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1532
                                                                                                                                                                                                                                              Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                              MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                              SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                              SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                              SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):5292
                                                                                                                                                                                                                                              Entropy (8bit):5.115440205505611
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:DxapqZink/QIHQIyzQIZQILuQIR8vtklGovxNx6sWwCvCCcTKvIrrg9BMM6VwDjz:sJnkoBs/sqLz8cTKvIrrUiM6VwDjyeWs
                                                                                                                                                                                                                                              MD5:137D13F917D94C83137A0FA5AE12B467
                                                                                                                                                                                                                                              SHA1:01E93402C225BF2A4EE59F9A06F8062CB5E4801E
                                                                                                                                                                                                                                              SHA-256:36738E6971D2F20DB78433185A0EF7912A48544AA6FF7006505A7DC785158859
                                                                                                                                                                                                                                              SHA-512:1B22CBC6E22FA5E2BD5CC4A370443A342D00E7DD53330A4000E9A680DE80262BCA7188764E3568944D01025188291602AC8C53C971630984FBD9FA7D75AAB124
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:Metadata-Version: 2.1..Name: cryptography..Version: 41.0.7..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):15334
                                                                                                                                                                                                                                              Entropy (8bit):5.552806309785179
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:3X62U/ZfaigdSwJN5i6s7B0Ppzx6uvndLE4:3NUxfzgFthE4
                                                                                                                                                                                                                                              MD5:D88787EC6163B4F45579EA7CF7F56044
                                                                                                                                                                                                                                              SHA1:B241754AF16F5B2523DE1D07520DADB5ABA559BA
                                                                                                                                                                                                                                              SHA-256:E5265DE4206BAB1FB0C96212067AA1EB479C85AB0495B915938DDB365B0C948D
                                                                                                                                                                                                                                              SHA-512:F4F1C213458AC42A3417A870F7C6D2A125950F588C76F8A83D605242ABBDBCC2CBE70CA49A700710AA23AC143F2702963DEA48043C5CA86FBF0D3CE07126C696
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:cryptography-41.0.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-41.0.7.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-41.0.7.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-41.0.7.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-41.0.7.dist-info/METADATA,sha256=NnOOaXHS8g23hDMYWg73kSpIVEqm_3AGUFp9x4UViFk,5292..cryptography-41.0.7.dist-info/RECORD,,..cryptography-41.0.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-41.0.7.dist-info/WHEEL,sha256=-EX5DQzNGQEoyL99Q-0P0-D-CXbfqafenaAeiSQ_Ufk,100..cryptography-41.0.7.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=uPXMbbcptt7EzZ_jllGRx0pVdMn-NBsAM4L74hOv-b0,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/_
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):100
                                                                                                                                                                                                                                              Entropy (8bit):5.0203365408149025
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:RtEeX7MWcSlVlbY3KgP+tkKc/SKQLn:RtBMwlVCxWKxDQLn
                                                                                                                                                                                                                                              MD5:4B432A99682DE414B29A683A3546B69F
                                                                                                                                                                                                                                              SHA1:F59C5016889EE5E9F62D09B22AEFBC2211A56C93
                                                                                                                                                                                                                                              SHA-256:F845F90D0CCD190128C8BF7D43ED0FD3E0FE0976DFA9A7DE9DA01E89243F51F9
                                                                                                                                                                                                                                              SHA-512:CBBF10E19B6F4072C416EA95D7AE259B9C5A1B89068B7B6660B7C637D6F2437AEA8D8202A2E26A0BEC36DAECD8BBB6B59016FC2DDEB13C545F0868B3E15479CA
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64..
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):13
                                                                                                                                                                                                                                              Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                                              MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                                              SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                                              SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                                              SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:cryptography.
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):6673920
                                                                                                                                                                                                                                              Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                              MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                              SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                              SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                              SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):5191960
                                                                                                                                                                                                                                              Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                                              MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                                              SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                                              SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                                              SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):39696
                                                                                                                                                                                                                                              Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                              MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                              SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                              SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                              SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):787224
                                                                                                                                                                                                                                              Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                                              MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                                              SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                                              SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                                              SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):38168576
                                                                                                                                                                                                                                              Entropy (8bit):6.305082264196138
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:196608:O99XmuJ2l6d6iET5BH6ZCy1iMq5NV2OzPWJAt+bOzPWVa+llOzPWIqzfr2V9EwS6:0OzPW5OzPW5OzPWIDMD9K6LSn1ZP
                                                                                                                                                                                                                                              MD5:5E46C3D334C90C3029EB6AE2A3FE58F2
                                                                                                                                                                                                                                              SHA1:AD3D806F720289CCB90CE8BFD0DA49FA99E7777B
                                                                                                                                                                                                                                              SHA-256:57B87772BF676B5C2D718C79DDDC9F039D79EC3319FEE1398CC305ADFF7B69E5
                                                                                                                                                                                                                                              SHA-512:4BD29D19B619076A64A928F3871EDCCE8416BCF100C1AA1250932479D6536D9497F2F9A2668C90B3479D0D4AB4234FFA06F81BC6B107FAD1BE5097FA2B60AB28
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):66048
                                                                                                                                                                                                                                              Entropy (8bit):6.0029845891810085
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:3p/PUg+VQrec6dx6gXZtu5sx0wtvnSPmFzO+ooK83Ngu6nSO:3pUdVQreR68/uItvSPmF6+ojcv6nSO
                                                                                                                                                                                                                                              MD5:92C51DAF855C25EB229F15CB61F39B5D
                                                                                                                                                                                                                                              SHA1:2732021A3D1A9EFE52C2B2EC993D3DA3EFBE6246
                                                                                                                                                                                                                                              SHA-256:95BC29ED6DC02BF8AA3AADD078B9812AAE5E4E8A663778114D20827E9F9C3D8E
                                                                                                                                                                                                                                              SHA-512:F168E553CA05AE9458A9DC77F8312A3FC9192534C339B20668B461E8975729399CE248693E3CE411AF7A2A88BDFFAF6438175619EBDD27C6AA5AAA1B582E5911
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):2842624
                                                                                                                                                                                                                                              Entropy (8bit):6.636429648896842
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:49152:H/Yfw6/aTE+CyxakxYgfPpmh0By/TDwY6uSOuzLXRB06D:H/Aa/X2/TaOuzL
                                                                                                                                                                                                                                              MD5:B5322718A11C7DB4C1A1486F1A162ADB
                                                                                                                                                                                                                                              SHA1:4C77B34D686C197C4790D4B79D70EE59CFA41460
                                                                                                                                                                                                                                              SHA-256:5EF0804BE17E6ACCF19332DFACB88A89AB24953A14A42D289B2983C55CCE7009
                                                                                                                                                                                                                                              SHA-512:17D112DD8935CCB2F3FCFD15236A636C59F0E92A4EF861862E06EFD3A2F4EBBBC45533270DFE5B1F65FFF0FD066D19B57240385011F3BB5E63CFF0A06A994F19
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):110080
                                                                                                                                                                                                                                              Entropy (8bit):6.157829267971521
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:1J7u06kUyyTZDXZhTZdjrozKDaGE2A8wRdpdCqgeh1m:1J7uYkVDXHVdozKe521wRFh3
                                                                                                                                                                                                                                              MD5:90D30098D86837386A666D6E6388006E
                                                                                                                                                                                                                                              SHA1:BE1244955C42E8ACEDFF587DB9C9D43A0FC88874
                                                                                                                                                                                                                                              SHA-256:1B68264914063E2DF22ED04668F937BC43EC58D756091E9D061FDE3D4915CF23
                                                                                                                                                                                                                                              SHA-512:D0CFEA6E2349B6124939B2CED72C4077FAA3F4525A6A490577C98437EBED1E6A36D26A1552CA1680639EB87E71388FC424C00366720A62742A36A35A8223A782
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):106496
                                                                                                                                                                                                                                              Entropy (8bit):6.296943343498824
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:uEXFL7JoLGR94dIIpxFlJz+G6jlTJdaWM0BCQUIGBpdJHIGJQk5S7:ZFxhUxFlJz+njlTX7sIGBpDIfk5S7
                                                                                                                                                                                                                                              MD5:D536FCFF8E188E4C2239ED9DBC964084
                                                                                                                                                                                                                                              SHA1:050CFB86702D06DBC4E4ABF9D7A759978A42E8A9
                                                                                                                                                                                                                                              SHA-256:8F21B754C44B6CD04184E955654243CF05C011DE25E83578C1014B566BAA9D9B
                                                                                                                                                                                                                                              SHA-512:E9E9A81E246BBAF7C6F7F7D080889EB58EA158F7E12893F5A03A4A59B3662C3FBE1829B68A6AAE05E60ED5C22E09C555028310453F4004470EE5B1E26BCC5646
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):231936
                                                                                                                                                                                                                                              Entropy (8bit):6.465013607402119
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:4ibqI1hY1IQN7TBhPztGq6f+WGWHRtxyvJRWjwTk/TG:4ibqI1hIzWfpHHRpjw3
                                                                                                                                                                                                                                              MD5:D76245820BE06CFE77DB2B0FD9788F49
                                                                                                                                                                                                                                              SHA1:45689D2B013F97E95A8C1C2FA7DA399F818EC234
                                                                                                                                                                                                                                              SHA-256:176B0735F50BF071D9B007FD8B0E3E763663D8B02E3EFD1AE07BECB68A629EC4
                                                                                                                                                                                                                                              SHA-512:1ECE25120EEC6D97188D810F1D8DA00764449577DFF0F6DBE3199136BAFE96BF46C9E4810C4B8942574C4B1D987AAAFE3D547EC4B2488C0F4989B77AA98D7CA0
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):166400
                                                                                                                                                                                                                                              Entropy (8bit):6.16054841448225
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:4Eh3AzI0GZVlTesyp0k3itVoBzSunh/xoV:4E5UI0GZVNUKVyzSu3C
                                                                                                                                                                                                                                              MD5:66CF3F29BECCC6AD4EE3EE3B8B7AF98B
                                                                                                                                                                                                                                              SHA1:5338CA4140BB3C473D18092F6F0349E9D9DC8C56
                                                                                                                                                                                                                                              SHA-256:185F6666ED6854977B6439B00814B4A56247A309789DCEE29CA17E88DC4F5B87
                                                                                                                                                                                                                                              SHA-512:3E11C50436973B0EF3CD50DD4DE442DAABC2A0FFE440D49D21960383AB25ACC2467EA7AB78407D7E8387832FA185F581DD17EA81409B861ED816FD473F7652A5
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):689152
                                                                                                                                                                                                                                              Entropy (8bit):6.32270721353156
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:aJg7dcXhfd8IE3hjy1IqidsQLRsfxU2exLmxHjwB:ai7uhfaFRBiqRsimxD2
                                                                                                                                                                                                                                              MD5:F954DC5B1A79106A8CB98A3B481A49C0
                                                                                                                                                                                                                                              SHA1:099D0498FF69982B1E69B8CA0B07820DB0D1343C
                                                                                                                                                                                                                                              SHA-256:BB1AEF8C19B81B5B044B5D47D683601EED2C60412D68C075F7AA9EAC55CCBDB0
                                                                                                                                                                                                                                              SHA-512:50C7DEAB5FEB29A24E29DF756152079A44E413E00E29C98EA9556A7F2C73E88C7CF4A25569F52141E56DB1CC887B9AA8DFB92949A74E086A9B6214997561FDA6
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):75776
                                                                                                                                                                                                                                              Entropy (8bit):6.1841804914562974
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:JIZlzNnw+v/wzqo5VJtnkzDQODdPRmdxlEhu8Ef2:gFNnjRoznkzDIqU8Ef2
                                                                                                                                                                                                                                              MD5:D6D11C2796AE40C950C7E25782999C7A
                                                                                                                                                                                                                                              SHA1:C82F75A0F2818C714021206DFA312999117BBF00
                                                                                                                                                                                                                                              SHA-256:E0856FDAB0D2B1FB64BA24E05B83ABDC31212C5C983E32C6B49D3911D97B2D78
                                                                                                                                                                                                                                              SHA-512:471610535C30206BCCDC11059E743E1870FF9A8969C6B5437D2478926699F8865044462540D6D2AB99DCA3E2ACA19A1A48B3C5BE00D0D0DCE62128E23B683611
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):81920
                                                                                                                                                                                                                                              Entropy (8bit):6.087600380435088
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:yAaRay9hKIybw+bt41HAURJQdsOJVxi0IW50Vcu/:yAqay3Kdw0t56450yu/
                                                                                                                                                                                                                                              MD5:C15EAF827584245FAA0E88B62A85D05D
                                                                                                                                                                                                                                              SHA1:129B7B9A060376D97BFB7328A403C3BD077E6138
                                                                                                                                                                                                                                              SHA-256:F56ADC692A97E4A6A3D391E04A1CB5A59343652407E2520C5CF79CB6173F0163
                                                                                                                                                                                                                                              SHA-512:0A239BF2364B3FB652747771F65BAE9485B1485DCC429D3EA7D45F81E4B322AA9D01304CF15E5CBE7ABB6BD876F73195F0A5AA16636D065B90EE8D792AE719C1
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):68608
                                                                                                                                                                                                                                              Entropy (8bit):6.068724798266156
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:XUx34cosUUi6mHW3BYiRUqBkG7B5P6EsSuP:Xw34cIvHWG+nBXB5PNsSuP
                                                                                                                                                                                                                                              MD5:FDBF66153C13D319D1E7C9F129CF08E3
                                                                                                                                                                                                                                              SHA1:F8518A17644EF95E89F07C7B713C9B121E05B9C6
                                                                                                                                                                                                                                              SHA-256:0810150CCEAD60D2B3084333492019AE90A0F28FD82664C96966D9BDC83686F2
                                                                                                                                                                                                                                              SHA-512:308C228AA502EC2EEB1448E48C45EDD1520833851A1E7902D398E6ED4014F6CFE41345B3B5924711B7285D7E3B5181C848F5F821410FAE3AD9B4229E2B55F12F
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):50688
                                                                                                                                                                                                                                              Entropy (8bit):5.851923736767711
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:3N97lLxP9RgV508lRcuyAGYp6iyVqonQHsXaMoP9UrWEl+AMP:Lz1RgVTXy2cK9kWElyP
                                                                                                                                                                                                                                              MD5:ECEC79538AB9149FFBD3F326BBE4A638
                                                                                                                                                                                                                                              SHA1:655AE3B72CD0A52D11CF76EEB5FDC5098CEEE750
                                                                                                                                                                                                                                              SHA-256:EEC06C70418E3D410E55D47C2FA84F880480CBFB9A4ABF073F188AD2B483C1CB
                                                                                                                                                                                                                                              SHA-512:94C334124C4E6666D6A96448672B8B7EF37AF76C783ED82837792FB271745A3FABF8C9765EAC46AC31E58EE000B6327B14418024B027DA6DA9C51FF2282AA3DE
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):160768
                                                                                                                                                                                                                                              Entropy (8bit):6.214539257343106
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:hPTECiv12+KX4IlhvHFucDJeX9bqz18x9C21FpMsDEV2+WarahR2+WarahTYqSyv:hPTECiv12+KIyJ/VeXhGY9RYV2+Waray
                                                                                                                                                                                                                                              MD5:0025817C31FE2CC158499B1175E2BA92
                                                                                                                                                                                                                                              SHA1:60A2127356D80333C403246FCBD2BF8B539D5FD6
                                                                                                                                                                                                                                              SHA-256:D746972E355DCE6131B67D8121AE3BF20191C4FFFE555FE994DEBA8C12FC8591
                                                                                                                                                                                                                                              SHA-512:2DB30BA60C5900214327191D0975ED24122BEC927AE559AC5B37B47BA41A4B91BAC05C85200BC1633902E9FBE27C46819BDF0860FBE26921D5B6DEE748919A10
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):582656
                                                                                                                                                                                                                                              Entropy (8bit):6.2168844883747285
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:TkE7mm5J7UiJ8u1hLDlWPsq6p4S4gP4KBSkPSoHRSKrkSoSL7MSquASLSqSwSkSE:AE7JJ7p/P5q660XZ0X2beSn+yijwd
                                                                                                                                                                                                                                              MD5:1BE97B97C39BBE483D8A8863CDB5DD5E
                                                                                                                                                                                                                                              SHA1:281082C71F89FF79575B463D8C72F4F76640EE73
                                                                                                                                                                                                                                              SHA-256:8893E35F6545DE8718D435FC4FFE3583DB0D4EABB2EB087D951FF58A3BBAA7DD
                                                                                                                                                                                                                                              SHA-512:B6551D0563870F13FB391E65C879E4C69689014009F610C4D7648645409C66AB29505D6D2043D3F8FC63248B3D6AF72C7597F2874348BC038F6F2FEC4002E233
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):67072
                                                                                                                                                                                                                                              Entropy (8bit):5.90551713971002
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:ZhseNxkc7Xva0Y420G1UD+dS4gBeLmRy:Z1kcbi0Y42bUD+dS4oeiRy
                                                                                                                                                                                                                                              MD5:01F9D30DD889A3519E3CA93FE6EFEE70
                                                                                                                                                                                                                                              SHA1:EBF55ADBD8CD938C4C11D076203A3E54D995AEFF
                                                                                                                                                                                                                                              SHA-256:A66444A08A8B9CEAFA05DAEFEB32AA1E65C8009A3C480599F648FA52A20AFB7D
                                                                                                                                                                                                                                              SHA-512:76FED302D62BB38A39E0BF6C9038730E83B6AFFFA2F36E7A62B85770D4847EA6C688098061945509A1FDB799FB7F5C88699F94E7DA1934F88A9C3B6A433EE9EF
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):199448
                                                                                                                                                                                                                                              Entropy (8bit):6.385263095268062
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:gP9/HQAYp/8IdzL37lqrEJesY7p7Ndrjt8HWcFwUT6ZIALhNn6:opFYp/vdzL3pqrEJ2xDrJ8DdT6A
                                                                                                                                                                                                                                              MD5:F179C9BDD86A2A218A5BF9F0F1CF6CD9
                                                                                                                                                                                                                                              SHA1:4544FB23D56CC76338E7F71F12F58C5FE89D0D76
                                                                                                                                                                                                                                              SHA-256:C42874E2CF034FB5034F0BE35F7592B8A96E8903218DA42E6650C504A85B37CC
                                                                                                                                                                                                                                              SHA-512:3464ECE5C6A0E95EF6136897B70A96C69E552D28BFEDD266F13EEC840E36EC2286A1FB8973B212317DE6FE3E93D7D7CC782EB6FC3D6A2A8F006B34F6443498DE
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):68376
                                                                                                                                                                                                                                              Entropy (8bit):6.14896460878624
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:768:LV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/u:LDmF61JFn+/OHZIAL0R7SyHxy
                                                                                                                                                                                                                                              MD5:6271A2FE61978CA93E60588B6B63DEB2
                                                                                                                                                                                                                                              SHA1:BE26455750789083865FE91E2B7A1BA1B457EFB8
                                                                                                                                                                                                                                              SHA-256:A59487EA2C8723277F4579067248836B216A801C2152EFB19AFEE4AC9785D6FB
                                                                                                                                                                                                                                              SHA-512:8C32BCB500A94FF47F5EF476AE65D3B677938EBEE26E80350F28604AAEE20B044A5D55442E94A11CCD9962F34D22610B932AC9D328197CF4D2FFBC7DF640EFBA
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):7009048
                                                                                                                                                                                                                                              Entropy (8bit):5.7826778751744685
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:49152:mz0oCxOqKWneF3o1VLCClOTNRpaOviXEYWyb3eOYTvuFsx/iac84YNFXiTlv5WF4:mooCcqKLHX+az2Ro8Kv7HDMiEB/
                                                                                                                                                                                                                                              MD5:550288A078DFFC3430C08DA888E70810
                                                                                                                                                                                                                                              SHA1:01B1D31F37FB3FD81D893CC5E4A258E976F5884F
                                                                                                                                                                                                                                              SHA-256:789A42AC160CEF98F8925CB347473EEEB4E70F5513242E7FABA5139BA06EDF2D
                                                                                                                                                                                                                                              SHA-512:7244432FC3716F7EF27630D4E8FBC8180A2542AA97A01D44DCA260AB43966DD8AC98B6023400B0478A4809AACE1A128F1F4D6E544F2E591A5B436FD4C8A9D723
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):134656
                                                                                                                                                                                                                                              Entropy (8bit):5.9953900911096785
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:Yuh2G0a2fYrFceQaVK756Y/r06trvoEKQAe7KL8KJKVKGajt4:Yuh2faiYrFceQaVfY/rxTBAe7KwKwVrE
                                                                                                                                                                                                                                              MD5:26D752C8896B324FFD12827A5E4B2808
                                                                                                                                                                                                                                              SHA1:447979FA03F78CB7210A4E4BA365085AB2F42C22
                                                                                                                                                                                                                                              SHA-256:BD33548DBDBB178873BE92901B282BAD9C6817E3EAC154CA50A666D5753FD7EC
                                                                                                                                                                                                                                              SHA-512:99C87AB9920E79A03169B29A2F838D568CA4D4056B54A67BC51CAF5C0FF5A4897ED02533BA504F884C6F983EBC400743E6AD52AC451821385B1E25C3B1EBCEE0
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):30488
                                                                                                                                                                                                                                              Entropy (8bit):6.582548725691534
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:b9yLTFInPLnIdHqp3DT90IZIAQGyHQIYiSy1pCQ273bAM+o/8E9VF0Nypyn4:6inzUHqN1rZIAQGo5YiSyvUrAMxkEjh
                                                                                                                                                                                                                                              MD5:8A273F518973801F3C63D92AD726EC03
                                                                                                                                                                                                                                              SHA1:069FC26B9BD0F6EA3F9B3821AD7C812FD94B021F
                                                                                                                                                                                                                                              SHA-256:AF358285A7450DE6E2E5E7FF074F964D6A257FB41D9EB750146E03C7DDA503CA
                                                                                                                                                                                                                                              SHA-512:7FEDAE0573ECB3946EDE7D0B809A98ACAD3D4C95D6C531A40E51A31BDB035BADC9F416D8AAA26463784FF2C5E7A0CC2C793D62B5FDB2B8E9FAD357F93D3A65F8
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1500440
                                                                                                                                                                                                                                              Entropy (8bit):6.588676275246953
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24576:iTqtyGkxOc+wv05tP5kf82Hr/74YPF5o/P/gnAracr7/24UcypY7w0vpZUFv++b:hk0jwv4tP5kf8ar/74EF2/An4acrVUcc
                                                                                                                                                                                                                                              MD5:C1161C1CEC57C5FFF89D10B62A8E2C3A
                                                                                                                                                                                                                                              SHA1:C4F5DEA84A295EC3FF10307A0EA3BA8D150BE235
                                                                                                                                                                                                                                              SHA-256:D1FD3040ACDDF6551540C2BE6FF2E3738F7BD4DFD73F0E90A9400FF784DD15E6
                                                                                                                                                                                                                                              SHA-512:D545A6DC30F1D343EDF193972833C4C69498DC4EA67278C996426E092834CB6D814CE98E1636C485F9B1C47AD5C68D6F432E304CD93CEED0E1E14FEAF39B104A
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1035728
                                                                                                                                                                                                                                              Entropy (8bit):6.630126944065657
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24576:EsKxVJ/pRRK0Y/9fCrl4NbpjONcncXEomxvSZX0yp49C:lKxDPHQCrlQBXxw
                                                                                                                                                                                                                                              MD5:849959A003FA63C5A42AE87929FCD18B
                                                                                                                                                                                                                                              SHA1:D1B80B3265E31A2B5D8D7DA6183146BBD5FB791B
                                                                                                                                                                                                                                              SHA-256:6238CBFE9F57C142B75E153C399C478D492252FDA8CB40EE539C2DCB0F2EB232
                                                                                                                                                                                                                                              SHA-512:64958DABDB94D21B59254C2F074DB5D51E914DDBC8437452115DFF369B0C134E50462C3FDBBC14B6FA809A6EE19AB2FB83D654061601CC175CDDCB7D74778E09
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1137944
                                                                                                                                                                                                                                              Entropy (8bit):5.462202215180296
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:hrEHdcM6hbFCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciFt:hrEXYCjfk7bPNfv42BN6yzUiFt
                                                                                                                                                                                                                                              MD5:04F35D7EEC1F6B72BAB9DAF330FD0D6B
                                                                                                                                                                                                                                              SHA1:ECF0C25BA7ADF7624109E2720F2B5930CD2DBA65
                                                                                                                                                                                                                                              SHA-256:BE942308D99CC954931FE6F48ED8CC7A57891CCBE99AAE728121BCDA1FD929AB
                                                                                                                                                                                                                                              SHA-512:3DA405E4C1371F4B265E744229DCC149491A112A2B7EA8E518D5945F8C259CAD15583F25592B35EC8A344E43007AE00DA9673822635EE734D32664F65C9C8D9B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):133632
                                                                                                                                                                                                                                              Entropy (8bit):5.851293297484796
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:bPwB2zC1vwC3XetCf5RlRVFhLaNKPRyymoh5Lm9b0e:bIB2zkvwGXetCfDlRVlPRy85Lm9
                                                                                                                                                                                                                                              MD5:3A80FEA23A007B42CEF8E375FC73AD40
                                                                                                                                                                                                                                              SHA1:04319F7552EA968E2421C3936C3A9EE6F9CF30B2
                                                                                                                                                                                                                                              SHA-256:B70D69D25204381F19378E1BB35CC2B8C8430AA80A983F8D0E8E837050BB06EF
                                                                                                                                                                                                                                              SHA-512:A63BED03F05396B967858902E922B2FBFB4CF517712F91CFAA096FF0539CF300D6B9C659FFEE6BF11C28E79E23115FD6B9C0B1AA95DB1CBD4843487F060CCF40
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):123904
                                                                                                                                                                                                                                              Entropy (8bit):5.966619585818369
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:07jbPA0SD9S3vrCqf93qMHxCjdLZn1Ya:07jtS9SfuCRCjFV
                                                                                                                                                                                                                                              MD5:47C91C74BB2C5CF696626AF04F3705AB
                                                                                                                                                                                                                                              SHA1:C086BC2825969756169FAB7DD2E560D360E1E09C
                                                                                                                                                                                                                                              SHA-256:F6EAD250FC2DE4330BD26079A44DED7F55172E05A70E28AD85D09E7881725155
                                                                                                                                                                                                                                              SHA-512:E6B6A4425B3E30CEA7BF8B09971FA0C84D6317B1A37BC1518266DC8D72C166099A8FC40A9B985300901BD921E444FF438FD30B814C1F1C6A051DF3471615C2BD
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):34816
                                                                                                                                                                                                                                              Entropy (8bit):5.607776737873708
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:384:qTtWWcU+d47NgCuVuA7dBm7BZ1CHrWBGwm3ReuuR+F1igomqhPGZGQvD3+VC5pEa:qM47+YedBm0WBgIuuGigahAF7+m2Ca
                                                                                                                                                                                                                                              MD5:1580EE4142FB1F90F00B9F5A3CA297EB
                                                                                                                                                                                                                                              SHA1:BC730100B6E8C85F709BCFB4FD7A81FB91ABF7D1
                                                                                                                                                                                                                                              SHA-256:BD3F16AFB19AF91B016AB3E9669CD845F70F7A4B7A2489A81F312F060B1FB020
                                                                                                                                                                                                                                              SHA-512:692C4A0595B715B14A53B41DD192AFB3058A85530975C0CAC673F3D70A2AA31FA66762FC7F453739B35971559F33E6CB20C62FC13C79796E43FF14A8728A26A1
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Entropy (8bit):7.997121794933021
                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                              File name:hSyJxPUUDx.exe
                                                                                                                                                                                                                                              File size:33'138'116 bytes
                                                                                                                                                                                                                                              MD5:3db8cd76f170be3241b387fe5c70afab
                                                                                                                                                                                                                                              SHA1:352ddb3951527fc961fcec98418ed639f581450b
                                                                                                                                                                                                                                              SHA256:16818583c4ba879e690336aebce0c29befb05152dd1fe8925403a2ff1ec155c6
                                                                                                                                                                                                                                              SHA512:c6cfa6755a6c2ba6b97e1d66b0607345ab85b8a8887669a3b76f442740dc5e138f8906e8509fb84e612a8fafb798b7c6d3aeca3fc036609b8586f117149819d3
                                                                                                                                                                                                                                              SSDEEP:786432:VUpb6HUTLJE1QtIJ2j6+s7LWB75zupmS3ILn6e1SryCTVY:3HUTdQiIJ2qHWB75ipmSGor
                                                                                                                                                                                                                                              TLSH:1E773359B38428B2E2D7417B9126856A2653BC4C13B0DA4F47F936622FFF1338E35936
                                                                                                                                                                                                                                              Icon Hash:0fd88dc89ea7861b
                                                                                                                                                                                                                                              Entrypoint:0x14000c1f0
                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                              Time Stamp:0x65E4AF55 [Sun Mar 3 17:11:49 2024 UTC]
                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                                              OS Version Minor:2
                                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                                              File Version Minor:2
                                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                                              Subsystem Version Minor:2
                                                                                                                                                                                                                                              Import Hash:1af6c885af093afc55142c2f1761dbe8
                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              sub esp, 28h
                                                                                                                                                                                                                                              call 00007FD180B64BACh
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              add esp, 28h
                                                                                                                                                                                                                                              jmp 00007FD180B647BFh
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              sub esp, 28h
                                                                                                                                                                                                                                              call 00007FD180B65124h
                                                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                                                              je 00007FD180B64963h
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                                              jmp 00007FD180B64947h
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              cmp ecx, eax
                                                                                                                                                                                                                                              je 00007FD180B64956h
                                                                                                                                                                                                                                              xor eax, eax
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              cmpxchg dword ptr [0003427Ch], ecx
                                                                                                                                                                                                                                              jne 00007FD180B64930h
                                                                                                                                                                                                                                              xor al, al
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              add esp, 28h
                                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                                              mov al, 01h
                                                                                                                                                                                                                                              jmp 00007FD180B64939h
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              inc eax
                                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              sub esp, 20h
                                                                                                                                                                                                                                              movzx eax, byte ptr [00034267h]
                                                                                                                                                                                                                                              test ecx, ecx
                                                                                                                                                                                                                                              mov ebx, 00000001h
                                                                                                                                                                                                                                              cmove eax, ebx
                                                                                                                                                                                                                                              mov byte ptr [00034257h], al
                                                                                                                                                                                                                                              call 00007FD180B64F23h
                                                                                                                                                                                                                                              call 00007FD180B66042h
                                                                                                                                                                                                                                              test al, al
                                                                                                                                                                                                                                              jne 00007FD180B64946h
                                                                                                                                                                                                                                              xor al, al
                                                                                                                                                                                                                                              jmp 00007FD180B64956h
                                                                                                                                                                                                                                              call 00007FD180B72FE1h
                                                                                                                                                                                                                                              test al, al
                                                                                                                                                                                                                                              jne 00007FD180B6494Bh
                                                                                                                                                                                                                                              xor ecx, ecx
                                                                                                                                                                                                                                              call 00007FD180B66052h
                                                                                                                                                                                                                                              jmp 00007FD180B6492Ch
                                                                                                                                                                                                                                              mov al, bl
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              add esp, 20h
                                                                                                                                                                                                                                              pop ebx
                                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              int3
                                                                                                                                                                                                                                              inc eax
                                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              sub esp, 20h
                                                                                                                                                                                                                                              cmp byte ptr [0003421Ch], 00000000h
                                                                                                                                                                                                                                              mov ebx, ecx
                                                                                                                                                                                                                                              jne 00007FD180B649A9h
                                                                                                                                                                                                                                              cmp ecx, 01h
                                                                                                                                                                                                                                              jnbe 00007FD180B649ACh
                                                                                                                                                                                                                                              call 00007FD180B6508Ah
                                                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                                                              je 00007FD180B6496Ah

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3cdcc | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0x10e34 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x22a4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x75c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a330 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a1f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x420 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29c90 | 0x29e00 | 62616acf257019688180f494b4eb78d4 | False | 0.5523087686567164 | data | 6.4831047330596565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12bf4 | 0x12c00 | 94549354a033598665d01d2d64b79bcc | False | 0.5184375 | data | 5.835028904559445 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x3338 | 0xe00 | 99d84572872f2ce8d9bdbc2521e1966e | False | 0.1328125 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, text, rows 4294967295, columns 0 | 1.8271683819747706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x42000 | 0x22a4 | 0x2400 | 39f0a7d8241a665fc55289b5f9977819 | False | 0.4720052083333333 | data | 5.316391891279308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x45000 | 0x15c | 0x200 | 624222957a635749731104f8cdf6f9b7 | False | 0.38671875 | data | 2.83326547900447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x46000 | 0x10e34 | 0x11000 | 2be902e1194d879622f139b94ca07301 | False | 0.15340647977941177 | data | 3.990049962265339 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x75c | 0x800 | 4138d4447f190c2657ec208ef31be551 | False | 0.5458984375 | data | 5.240127521097618 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x460e8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | | | 0.14468236129184905
RT_GROUP_ICON | 0x56910 | 0x14 | data | | | 1.15
RT_MANIFEST | 0x56924 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 09:57:40.061449051 CET | 49712 | 443 | 192.168.2.12 | 82.180.136.22
Dec 9, 2024 09:57:40.061492920 CET | 443 | 49712 | 82.180.136.22 | 192.168.2.12
Dec 9, 2024 09:57:40.061813116 CET | 49712 | 443 | 192.168.2.12 | 82.180.136.22
Dec 9, 2024 09:57:41.505976915 CET | 49712 | 443 | 192.168.2.12 | 82.180.136.22
Dec 9, 2024 09:57:41.506001949 CET | 443 | 49712 | 82.180.136.22 | 192.168.2.12
Dec 9, 2024 09:58:25.534441948 CET | 443 | 49712 | 82.180.136.22 | 192.168.2.12
Dec 9, 2024 09:58:25.534570932 CET | 49712 | 443 | 192.168.2.12 | 82.180.136.22
Dec 9, 2024 09:58:25.534837008 CET | 49712 | 443 | 192.168.2.12 | 82.180.136.22
Dec 9, 2024 09:58:25.534857035 CET | 443 | 49712 | 82.180.136.22 | 192.168.2.12

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 09:57:39.905926943 CET | 65420 | 53 | 192.168.2.12 | 1.1.1.1
Dec 9, 2024 09:57:40.045701981 CET | 53 | 65420 | 1.1.1.1 | 192.168.2.12

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 9, 2024 09:57:39.905926943 CET | 192.168.2.12 | 1.1.1.1 | 0xc46c | Standard query (0) | busquedasxurl.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 9, 2024 09:57:40.045701981 CET | 1.1.1.1 | 192.168.2.12 | 0xc46c | No error (0) | busquedasxurl.com | | 82.180.136.22 | A (IP address) | IN (0x0001) | false


Target ID: 0
Start time: 03:57:31
Start date: 09/12/2024
Path: C:\Users\user\Desktop\hSyJxPUUDx.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\hSyJxPUUDx.exe"
Imagebase: 0x7ff69f010000
File size: 33'138'116 bytes
MD5 hash: 3DB8CD76F170BE3241B387FE5C70AFAB
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID:2
Start time:03:57:36
Start date:09/12/2024
Path:C:\Users\user\Desktop\hSyJxPUUDx.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\hSyJxPUUDx.exe"
Imagebase:0x7ff69f010000
File size:33'138'116 bytes
MD5 hash:3DB8CD76F170BE3241B387FE5C70AFAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Execution Graph

Execution Coverage:9.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:18.2%
Total number of Nodes:2000
Total number of Limit Nodes:18
7ff69f01c045 19177->19178 19179 7ff69f01bfc4 _RTC_Initialize 19187 7ff69f01c019 19179->19187 19200 7ff69f01c448 19179->19200 19181 7ff69f01bfd9 19203 7ff69f0295a4 19181->19203 19187->19177 19188 7ff69f01c035 19187->19188 19190 7ff69f02a149 19189->19190 19191 7ff69f02a151 19190->19191 19192 7ff69f0254c4 _set_fmode 11 API calls 19190->19192 19191->19175 19193 7ff69f02a160 19192->19193 19194 7ff69f02aea4 _invalid_parameter_noinfo 37 API calls 19193->19194 19194->19191 19196 7ff69f01c2a9 19195->19196 19199 7ff69f01c2ae __scrt_release_startup_lock 19195->19199 19197 7ff69f01c57c 7 API calls 19196->19197 19196->19199 19198 7ff69f01c322 19197->19198 19199->19179 19228 7ff69f01c40c 19200->19228 19202 7ff69f01c451 19202->19181 19204 7ff69f0295c4 19203->19204 19218 7ff69f01bfe5 19203->19218 19205 7ff69f0295cc 19204->19205 19206 7ff69f0295e2 GetModuleFileNameW 19204->19206 19207 7ff69f0254c4 _set_fmode 11 API calls 19205->19207 19210 7ff69f02960d 19206->19210 19208 7ff69f0295d1 19207->19208 19209 7ff69f02aea4 _invalid_parameter_noinfo 37 API calls 19208->19209 19209->19218 19243 7ff69f029544 19210->19243 19213 7ff69f02966d 19219 7ff69f02968f 19213->19219 19221 7ff69f0296bb 19213->19221 19222 7ff69f0296d4 19213->19222 19214 7ff69f029655 19215 7ff69f0254c4 _set_fmode 11 API calls 19214->19215 19216 7ff69f02965a 19215->19216 19217 7ff69f02af0c __free_lconv_mon 11 API calls 19216->19217 19217->19218 19218->19187 19227 7ff69f01c51c InitializeSListHead 19218->19227 19220 7ff69f02af0c __free_lconv_mon 11 API calls 19219->19220 19220->19218 19223 7ff69f02af0c __free_lconv_mon 11 API calls 19221->19223 19225 7ff69f02af0c __free_lconv_mon 11 API calls 19222->19225 19224 7ff69f0296c4 19223->19224 19226 7ff69f02af0c __free_lconv_mon 11 API calls 19224->19226 19225->19219 19226->19218 19229 7ff69f01c426 19228->19229 19231 7ff69f01c41f 19228->19231 19232 7ff69f02a77c 19229->19232 19231->19202 19235 7ff69f02a3b8 19232->19235 19242 7ff69f030cb8 EnterCriticalSection 19235->19242 19244 
7ff69f029594 19243->19244 19245 7ff69f02955c 19243->19245 19244->19213 19244->19214 19245->19244 19246 7ff69f02f158 _set_fmode 11 API calls 19245->19246 19247 7ff69f02958a 19246->19247 19248 7ff69f02af0c __free_lconv_mon 11 API calls 19247->19248 19248->19244 19514 7ff69f025310 19515 7ff69f02531b 19514->19515 19523 7ff69f02f764 19515->19523 19536 7ff69f030cb8 EnterCriticalSection 19523->19536 15340 7ff69f01c07c 15361 7ff69f01c24c 15340->15361 15343 7ff69f01c1c8 15457 7ff69f01c57c IsProcessorFeaturePresent 15343->15457 15344 7ff69f01c098 __scrt_acquire_startup_lock 15346 7ff69f01c1d2 15344->15346 15353 7ff69f01c0b6 __scrt_release_startup_lock 15344->15353 15347 7ff69f01c57c 7 API calls 15346->15347 15349 7ff69f01c1dd __FrameHandler3::FrameUnwindToEmptyState 15347->15349 15348 7ff69f01c0db 15350 7ff69f01c161 15367 7ff69f01c6c8 15350->15367 15352 7ff69f01c166 15370 7ff69f011000 15352->15370 15353->15348 15353->15350 15446 7ff69f02a0bc 15353->15446 15358 7ff69f01c189 15358->15349 15453 7ff69f01c3e0 15358->15453 15464 7ff69f01c84c 15361->15464 15364 7ff69f01c090 15364->15343 15364->15344 15365 7ff69f01c27b __scrt_initialize_crt 15365->15364 15466 7ff69f01d998 15365->15466 15493 7ff69f01d0e0 15367->15493 15369 7ff69f01c6df GetStartupInfoW 15369->15352 15371 7ff69f01100b 15370->15371 15495 7ff69f0186b0 15371->15495 15373 7ff69f01101d 15502 7ff69f025ef8 15373->15502 15375 7ff69f0139cb 15509 7ff69f011eb0 15375->15509 15378 7ff69f013ad2 15380 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15378->15380 15381 7ff69f013ae6 15380->15381 15451 7ff69f01c70c GetModuleHandleW 15381->15451 15382 7ff69f0139ea 15382->15378 15525 7ff69f017b60 15382->15525 15384 7ff69f013a1f 15385 7ff69f013a6b 15384->15385 15387 7ff69f017b60 61 API calls 15384->15387 15540 7ff69f018040 15385->15540 15392 7ff69f013a40 __std_exception_destroy 15387->15392 15388 7ff69f013a80 15544 7ff69f011cb0 15388->15544 15391 7ff69f013b71 15394 7ff69f013b95 15391->15394 15563 7ff69f0114f0 15391->15563 15392->15385 15395 
7ff69f018040 58 API calls 15392->15395 15393 7ff69f011cb0 121 API calls 15396 7ff69f013ab6 15393->15396 15394->15378 15398 7ff69f013bef 15394->15398 15570 7ff69f018ae0 15394->15570 15395->15385 15400 7ff69f013af8 15396->15400 15401 7ff69f013aba 15396->15401 15584 7ff69f016de0 15398->15584 15400->15391 15638 7ff69f013fd0 15400->15638 15625 7ff69f012b30 15401->15625 15402 7ff69f013bcc 15406 7ff69f013bd1 15402->15406 15407 7ff69f013be2 SetDllDirectoryW 15402->15407 15411 7ff69f012b30 59 API calls 15406->15411 15407->15398 15409 7ff69f013c3b 15415 7ff69f013d06 15409->15415 15422 7ff69f013c5a 15409->15422 15411->15378 15413 7ff69f013c09 15413->15409 15670 7ff69f0165f0 15413->15670 15588 7ff69f0134c0 15415->15588 15416 7ff69f013b44 15416->15391 15420 7ff69f013b49 15416->15420 15417 7ff69f012b30 59 API calls 15417->15378 15657 7ff69f02018c 15420->15657 15431 7ff69f013ca5 15422->15431 15712 7ff69f011ef0 15422->15712 15423 7ff69f013c3d 15706 7ff69f016840 15423->15706 15426 7ff69f013b16 15426->15417 15431->15378 15716 7ff69f013460 15431->15716 15433 7ff69f013d2e 15435 7ff69f017b60 61 API calls 15433->15435 15438 7ff69f013d3a 15435->15438 15602 7ff69f018080 15438->15602 15439 7ff69f013ce1 15440 7ff69f016840 FreeLibrary 15439->15440 15440->15378 15447 7ff69f02a0f4 15446->15447 15448 7ff69f02a0d3 15446->15448 18253 7ff69f02a968 15447->18253 15448->15350 15452 7ff69f01c71d 15451->15452 15452->15358 15455 7ff69f01c3f1 15453->15455 15454 7ff69f01c1a0 15454->15348 15455->15454 15456 7ff69f01d998 __scrt_initialize_crt 7 API calls 15455->15456 15456->15454 15458 7ff69f01c5a2 _wfindfirst32i64 __scrt_get_show_window_mode 15457->15458 15459 7ff69f01c5c1 RtlCaptureContext RtlLookupFunctionEntry 15458->15459 15460 7ff69f01c626 __scrt_get_show_window_mode 15459->15460 15461 7ff69f01c5ea RtlVirtualUnwind 15459->15461 15462 7ff69f01c658 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15460->15462 15461->15460 15463 7ff69f01c6aa _wfindfirst32i64 15462->15463 
15463->15346 15465 7ff69f01c26e __scrt_dllmain_crt_thread_attach 15464->15465 15465->15364 15465->15365 15467 7ff69f01d9aa 15466->15467 15468 7ff69f01d9a0 15466->15468 15467->15364 15472 7ff69f01dd14 15468->15472 15473 7ff69f01d9a5 15472->15473 15474 7ff69f01dd23 15472->15474 15476 7ff69f01dd80 15473->15476 15480 7ff69f01df50 15474->15480 15477 7ff69f01ddab 15476->15477 15478 7ff69f01ddaf 15477->15478 15479 7ff69f01dd8e DeleteCriticalSection 15477->15479 15478->15467 15479->15477 15484 7ff69f01ddb8 15480->15484 15485 7ff69f01ded2 TlsFree 15484->15485 15491 7ff69f01ddfc __vcrt_FlsAlloc 15484->15491 15486 7ff69f01de2a LoadLibraryExW 15488 7ff69f01de4b GetLastError 15486->15488 15489 7ff69f01dea1 15486->15489 15487 7ff69f01dec1 GetProcAddress 15487->15485 15488->15491 15489->15487 15490 7ff69f01deb8 FreeLibrary 15489->15490 15490->15487 15491->15485 15491->15486 15491->15487 15492 7ff69f01de6d LoadLibraryExW 15491->15492 15492->15489 15492->15491 15494 7ff69f01d0c0 15493->15494 15494->15369 15494->15494 15497 7ff69f0186cf 15495->15497 15496 7ff69f018720 WideCharToMultiByte 15496->15497 15499 7ff69f0187c6 15496->15499 15497->15496 15497->15499 15500 7ff69f018774 WideCharToMultiByte 15497->15500 15501 7ff69f0186d7 __std_exception_destroy 15497->15501 15764 7ff69f0129e0 15499->15764 15500->15497 15500->15499 15501->15373 15505 7ff69f030050 15502->15505 15503 7ff69f0300a3 15504 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15503->15504 15508 7ff69f0300cc 15504->15508 15505->15503 15506 7ff69f0300f6 15505->15506 16161 7ff69f02ff28 15506->16161 15508->15375 15510 7ff69f011ec5 15509->15510 15511 7ff69f011ee0 15510->15511 16169 7ff69f012890 15510->16169 15511->15378 15513 7ff69f013ec0 15511->15513 15514 7ff69f01bc60 15513->15514 15515 7ff69f013ecc GetModuleFileNameW 15514->15515 15516 7ff69f013efb 15515->15516 15517 7ff69f013f12 15515->15517 15518 7ff69f0129e0 57 API calls 15516->15518 16209 7ff69f018bf0 15517->16209 15520 7ff69f013f0e 15518->15520 15522 7ff69f01bcc0 
_wfindfirst32i64 8 API calls 15520->15522 15524 7ff69f013f4f 15522->15524 15523 7ff69f012b30 59 API calls 15523->15520 15524->15382 15526 7ff69f017b6a 15525->15526 15527 7ff69f018ae0 57 API calls 15526->15527 15528 7ff69f017b8c GetEnvironmentVariableW 15527->15528 15529 7ff69f017bf6 15528->15529 15530 7ff69f017ba4 ExpandEnvironmentStringsW 15528->15530 15531 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15529->15531 15532 7ff69f018bf0 59 API calls 15530->15532 15533 7ff69f017c08 15531->15533 15534 7ff69f017bcc 15532->15534 15533->15384 15534->15529 15535 7ff69f017bd6 15534->15535 16220 7ff69f02a99c 15535->16220 15538 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15539 7ff69f017bee 15538->15539 15539->15384 15541 7ff69f018ae0 57 API calls 15540->15541 15542 7ff69f018057 SetEnvironmentVariableW 15541->15542 15543 7ff69f01806f __std_exception_destroy 15542->15543 15543->15388 15545 7ff69f011cbe 15544->15545 15546 7ff69f011ef0 49 API calls 15545->15546 15547 7ff69f011cf4 15546->15547 15548 7ff69f011ef0 49 API calls 15547->15548 15562 7ff69f011dde 15547->15562 15549 7ff69f011d1a 15548->15549 15549->15562 16227 7ff69f011aa0 15549->16227 15550 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15551 7ff69f011e6c 15550->15551 15551->15391 15551->15393 15555 7ff69f011dcc 15556 7ff69f013e40 49 API calls 15555->15556 15556->15562 15557 7ff69f011d8f 15557->15555 15558 7ff69f011e34 15557->15558 15559 7ff69f013e40 49 API calls 15558->15559 15560 7ff69f011e41 15559->15560 16263 7ff69f014050 15560->16263 15562->15550 15564 7ff69f01157f 15563->15564 15565 7ff69f011506 15563->15565 15564->15394 16305 7ff69f017950 15565->16305 15568 7ff69f012b30 59 API calls 15569 7ff69f011564 15568->15569 15569->15394 15571 7ff69f018b87 MultiByteToWideChar 15570->15571 15572 7ff69f018b01 MultiByteToWideChar 15570->15572 15573 7ff69f018baa 15571->15573 15574 7ff69f018bcf 15571->15574 15575 7ff69f018b27 15572->15575 15576 7ff69f018b4c 15572->15576 15577 7ff69f0129e0 55 API calls 15573->15577 15574->15402 15578 
7ff69f0129e0 55 API calls 15575->15578 15576->15571 15581 7ff69f018b62 15576->15581 15579 7ff69f018bbd 15577->15579 15580 7ff69f018b3a 15578->15580 15579->15402 15580->15402 15582 7ff69f0129e0 55 API calls 15581->15582 15583 7ff69f018b75 15582->15583 15583->15402 15585 7ff69f016df5 15584->15585 15586 7ff69f013bf4 15585->15586 15587 7ff69f012890 59 API calls 15585->15587 15586->15409 15661 7ff69f016a90 15586->15661 15587->15586 15589 7ff69f013533 15588->15589 15590 7ff69f013574 15588->15590 15589->15590 16847 7ff69f011710 15589->16847 16889 7ff69f012d70 15589->16889 15591 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15590->15591 15592 7ff69f0135c5 15591->15592 15592->15378 15595 7ff69f017fd0 15592->15595 15596 7ff69f018ae0 57 API calls 15595->15596 15597 7ff69f017fef 15596->15597 15598 7ff69f018ae0 57 API calls 15597->15598 15599 7ff69f017fff 15598->15599 15600 7ff69f027dec 38 API calls 15599->15600 15601 7ff69f01800d __std_exception_destroy 15600->15601 15601->15433 15603 7ff69f018090 15602->15603 15604 7ff69f018ae0 57 API calls 15603->15604 15605 7ff69f0180c1 SetConsoleCtrlHandler GetStartupInfoW 15604->15605 15626 7ff69f012b50 15625->15626 15627 7ff69f024ac4 49 API calls 15626->15627 15628 7ff69f012b9b __scrt_get_show_window_mode 15627->15628 15629 7ff69f018ae0 57 API calls 15628->15629 15630 7ff69f012bd0 15629->15630 15631 7ff69f012c0d MessageBoxA 15630->15631 15632 7ff69f012bd5 15630->15632 15634 7ff69f012c27 15631->15634 15633 7ff69f018ae0 57 API calls 15632->15633 15635 7ff69f012bef MessageBoxW 15633->15635 15636 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15634->15636 15635->15634 15637 7ff69f012c37 15636->15637 15637->15378 15639 7ff69f013fdc 15638->15639 15640 7ff69f018ae0 57 API calls 15639->15640 15641 7ff69f014007 15640->15641 15642 7ff69f018ae0 57 API calls 15641->15642 15643 7ff69f01401a 15642->15643 17396 7ff69f0264a8 15643->17396 15646 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15647 7ff69f013b0e 15646->15647 15647->15426 15648 7ff69f0182b0 15647->15648 
15649 7ff69f0182d4 15648->15649 15650 7ff69f020814 73 API calls 15649->15650 15653 7ff69f0183ab __std_exception_destroy 15649->15653 15651 7ff69f0182ee 15650->15651 15651->15653 17775 7ff69f029070 15651->17775 15653->15416 15658 7ff69f0201bc 15657->15658 17790 7ff69f01ff68 15658->17790 15662 7ff69f016aca 15661->15662 15663 7ff69f016ab3 15661->15663 15662->15413 15663->15662 17801 7ff69f0115a0 15663->17801 15665 7ff69f016ad4 15665->15662 15666 7ff69f014050 49 API calls 15665->15666 15667 7ff69f016b35 15666->15667 15668 7ff69f012b30 59 API calls 15667->15668 15669 7ff69f016ba5 memcpy_s __std_exception_destroy 15667->15669 15668->15662 15669->15413 15684 7ff69f01660a memcpy_s 15670->15684 15672 7ff69f01672f 15674 7ff69f014050 49 API calls 15672->15674 15673 7ff69f01674b 15676 7ff69f012b30 59 API calls 15673->15676 15675 7ff69f0167a8 15674->15675 15679 7ff69f014050 49 API calls 15675->15679 15682 7ff69f016741 __std_exception_destroy 15676->15682 15677 7ff69f014050 49 API calls 15677->15684 15678 7ff69f016710 15678->15672 15680 7ff69f014050 49 API calls 15678->15680 15681 7ff69f0167d8 15679->15681 15680->15672 15686 7ff69f014050 49 API calls 15681->15686 15683 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15682->15683 15685 7ff69f013c1a 15683->15685 15684->15672 15684->15673 15684->15677 15684->15678 15687 7ff69f011710 144 API calls 15684->15687 15688 7ff69f016731 15684->15688 17825 7ff69f011950 15684->17825 15685->15423 15690 7ff69f016570 15685->15690 15686->15682 15687->15684 15689 7ff69f012b30 59 API calls 15688->15689 15689->15682 17829 7ff69f018260 15690->17829 15692 7ff69f01658c 15693 7ff69f018260 58 API calls 15692->15693 15694 7ff69f01659f 15693->15694 15695 7ff69f0165d5 15694->15695 15697 7ff69f0165b7 15694->15697 15696 7ff69f012b30 59 API calls 15695->15696 17833 7ff69f016ef0 GetProcAddress 15697->17833 15709 7ff69f01687d 15706->15709 15711 7ff69f016852 15706->15711 15708 7ff69f01693b 15708->15709 17893 7ff69f018240 FreeLibrary 15708->17893 15709->15409 
15711->15708 15711->15709 17892 7ff69f018240 FreeLibrary 15711->17892 15713 7ff69f011f15 15712->15713 15714 7ff69f024ac4 49 API calls 15713->15714 15715 7ff69f011f38 15714->15715 15715->15431 17894 7ff69f015bc0 15716->17894 15719 7ff69f0134ad 15719->15439 15783 7ff69f01bc60 15764->15783 15767 7ff69f012a29 15785 7ff69f024ac4 15767->15785 15772 7ff69f011ef0 49 API calls 15773 7ff69f012a86 __scrt_get_show_window_mode 15772->15773 15774 7ff69f018ae0 54 API calls 15773->15774 15775 7ff69f012abb 15774->15775 15776 7ff69f012af8 MessageBoxA 15775->15776 15777 7ff69f012ac0 15775->15777 15778 7ff69f012b12 15776->15778 15779 7ff69f018ae0 54 API calls 15777->15779 15780 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15778->15780 15781 7ff69f012ada MessageBoxW 15779->15781 15782 7ff69f012b22 15780->15782 15781->15778 15782->15501 15784 7ff69f0129fc GetLastError 15783->15784 15784->15767 15786 7ff69f024b1e 15785->15786 15787 7ff69f024b43 15786->15787 15789 7ff69f024b7f 15786->15789 15788 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15787->15788 15791 7ff69f024b6d 15788->15791 15815 7ff69f022d50 15789->15815 15793 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15791->15793 15792 7ff69f024c5c 15794 7ff69f02af0c __free_lconv_mon 11 API calls 15792->15794 15795 7ff69f012a57 15793->15795 15794->15791 15803 7ff69f018560 15795->15803 15797 7ff69f024c31 15800 7ff69f02af0c __free_lconv_mon 11 API calls 15797->15800 15798 7ff69f024c80 15798->15792 15799 7ff69f024c8a 15798->15799 15802 7ff69f02af0c __free_lconv_mon 11 API calls 15799->15802 15800->15791 15801 7ff69f024c28 15801->15792 15801->15797 15802->15791 15804 7ff69f01856c 15803->15804 15805 7ff69f018587 GetLastError 15804->15805 15806 7ff69f01858d FormatMessageW 15804->15806 15805->15806 15807 7ff69f0185dc WideCharToMultiByte 15806->15807 15808 7ff69f0185c0 15806->15808 15810 7ff69f018616 15807->15810 15812 7ff69f0185d3 15807->15812 15809 7ff69f0129e0 54 API calls 15808->15809 15809->15812 15811 7ff69f0129e0 54 API calls 15810->15811 
15811->15812 15813 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15812->15813 15814 7ff69f012a5e 15813->15814 15814->15772 15816 7ff69f022d8e 15815->15816 15817 7ff69f022d7e 15815->15817 15818 7ff69f022d97 15816->15818 15822 7ff69f022dc5 15816->15822 15821 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15817->15821 15819 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15818->15819 15820 7ff69f022dbd 15819->15820 15820->15792 15820->15797 15820->15798 15820->15801 15821->15820 15822->15817 15822->15820 15825 7ff69f023074 15822->15825 15829 7ff69f0236e0 15822->15829 15855 7ff69f0233a8 15822->15855 15885 7ff69f022c30 15822->15885 15888 7ff69f024900 15822->15888 15827 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15825->15827 15827->15817 15830 7ff69f023722 15829->15830 15831 7ff69f023795 15829->15831 15832 7ff69f023728 15830->15832 15833 7ff69f0237bf 15830->15833 15834 7ff69f02379a 15831->15834 15835 7ff69f0237ef 15831->15835 15840 7ff69f02372d 15832->15840 15843 7ff69f0237fe 15832->15843 15912 7ff69f021c90 15833->15912 15836 7ff69f02379c 15834->15836 15837 7ff69f0237cf 15834->15837 15835->15833 15835->15843 15854 7ff69f023758 15835->15854 15842 7ff69f0237ab 15836->15842 15846 7ff69f02373d 15836->15846 15919 7ff69f021880 15837->15919 15845 7ff69f023770 15840->15845 15840->15846 15840->15854 15842->15833 15847 7ff69f0237b0 15842->15847 15853 7ff69f02382d 15843->15853 15926 7ff69f0220a0 15843->15926 15845->15853 15904 7ff69f024500 15845->15904 15846->15853 15894 7ff69f024044 15846->15894 15847->15853 15908 7ff69f024698 15847->15908 15849 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15851 7ff69f023ac3 15849->15851 15851->15822 15853->15849 15854->15853 15933 7ff69f02ee18 15854->15933 15856 7ff69f0233c9 15855->15856 15857 7ff69f0233b3 15855->15857 15858 7ff69f023407 15856->15858 15861 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15856->15861 15857->15858 15859 7ff69f023722 15857->15859 15860 7ff69f023795 15857->15860 15858->15822 15862 7ff69f023728 
15859->15862 15863 7ff69f0237bf 15859->15863 15864 7ff69f02379a 15860->15864 15865 7ff69f0237ef 15860->15865 15861->15858 15872 7ff69f02372d 15862->15872 15875 7ff69f0237fe 15862->15875 15868 7ff69f021c90 38 API calls 15863->15868 15866 7ff69f02379c 15864->15866 15867 7ff69f0237cf 15864->15867 15865->15863 15865->15875 15883 7ff69f023758 15865->15883 15869 7ff69f02373d 15866->15869 15873 7ff69f0237ab 15866->15873 15870 7ff69f021880 38 API calls 15867->15870 15868->15883 15871 7ff69f024044 47 API calls 15869->15871 15884 7ff69f02382d 15869->15884 15870->15883 15871->15883 15872->15869 15874 7ff69f023770 15872->15874 15872->15883 15873->15863 15877 7ff69f0237b0 15873->15877 15878 7ff69f024500 47 API calls 15874->15878 15874->15884 15876 7ff69f0220a0 38 API calls 15875->15876 15875->15884 15876->15883 15880 7ff69f024698 37 API calls 15877->15880 15877->15884 15878->15883 15879 7ff69f01bcc0 _wfindfirst32i64 8 API calls 15881 7ff69f023ac3 15879->15881 15880->15883 15881->15822 15882 7ff69f02ee18 47 API calls 15882->15883 15883->15882 15883->15884 15884->15879 16089 7ff69f020e54 15885->16089 15889 7ff69f024917 15888->15889 16106 7ff69f02df78 15889->16106 15895 7ff69f024066 15894->15895 15943 7ff69f020cc0 15895->15943 15900 7ff69f024900 45 API calls 15903 7ff69f0241a3 15900->15903 15901 7ff69f02422c 15901->15854 15901->15901 15902 7ff69f024900 45 API calls 15902->15901 15903->15901 15903->15902 15903->15903 15905 7ff69f024580 15904->15905 15906 7ff69f024518 15904->15906 15905->15854 15906->15905 15907 7ff69f02ee18 47 API calls 15906->15907 15907->15905 15909 7ff69f0246b9 15908->15909 15910 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15909->15910 15911 7ff69f0246ea 15909->15911 15910->15911 15911->15854 15913 7ff69f021cc3 15912->15913 15914 7ff69f021cf2 15913->15914 15916 7ff69f021daf 15913->15916 15915 7ff69f020cc0 12 API calls 15914->15915 15918 7ff69f021d2f 15914->15918 15915->15918 15917 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15916->15917 
15917->15918 15918->15854 15920 7ff69f0218b3 15919->15920 15921 7ff69f0218e2 15920->15921 15923 7ff69f02199f 15920->15923 15922 7ff69f020cc0 12 API calls 15921->15922 15925 7ff69f02191f 15921->15925 15922->15925 15924 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15923->15924 15924->15925 15925->15854 15927 7ff69f0220d3 15926->15927 15928 7ff69f022102 15927->15928 15930 7ff69f0221bf 15927->15930 15929 7ff69f020cc0 12 API calls 15928->15929 15932 7ff69f02213f 15928->15932 15929->15932 15931 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15930->15931 15931->15932 15932->15854 15934 7ff69f02ee40 15933->15934 15935 7ff69f02ee85 15934->15935 15936 7ff69f024900 45 API calls 15934->15936 15938 7ff69f02ee45 __scrt_get_show_window_mode 15934->15938 15942 7ff69f02ee6e __scrt_get_show_window_mode 15934->15942 15935->15938 15935->15942 16086 7ff69f0304c8 15935->16086 15936->15935 15937 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15937->15938 15938->15854 15942->15937 15942->15938 15944 7ff69f020cf7 15943->15944 15945 7ff69f020ce6 15943->15945 15944->15945 15973 7ff69f02dbbc 15944->15973 15951 7ff69f02eb30 15945->15951 15948 7ff69f020d38 15950 7ff69f02af0c __free_lconv_mon 11 API calls 15948->15950 15949 7ff69f02af0c __free_lconv_mon 11 API calls 15949->15948 15950->15945 15952 7ff69f02eb4d 15951->15952 15953 7ff69f02eb80 15951->15953 15954 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 15952->15954 15953->15952 15955 7ff69f02ebb2 15953->15955 15970 7ff69f024181 15954->15970 15959 7ff69f02ecc5 15955->15959 15962 7ff69f02ebfa 15955->15962 15956 7ff69f02edb7 16013 7ff69f02e01c 15956->16013 15957 7ff69f02ed7d 16006 7ff69f02e3b4 15957->16006 15959->15956 15959->15957 15960 7ff69f02ed4c 15959->15960 15963 7ff69f02ed0f 15959->15963 15965 7ff69f02ed05 15959->15965 15999 7ff69f02e694 15960->15999 15962->15970 15980 7ff69f02aa3c 15962->15980 15989 7ff69f02e8c4 15963->15989 15965->15957 15967 7ff69f02ed0a 15965->15967 15967->15960 15967->15963 15970->15900 
15970->15903 15971 7ff69f02aec4 _wfindfirst32i64 17 API calls 15972 7ff69f02ee14 15971->15972 15974 7ff69f02dc07 15973->15974 15978 7ff69f02dbcb _set_fmode 15973->15978 15975 7ff69f0254c4 _set_fmode 11 API calls 15974->15975 15977 7ff69f020d24 15975->15977 15976 7ff69f02dbee HeapAlloc 15976->15977 15976->15978 15977->15948 15977->15949 15978->15974 15978->15976 15979 7ff69f033c00 _set_fmode 2 API calls 15978->15979 15979->15978 15981 7ff69f02aa49 15980->15981 15982 7ff69f02aa53 15980->15982 15981->15982 15987 7ff69f02aa6e 15981->15987 15983 7ff69f0254c4 _set_fmode 11 API calls 15982->15983 15984 7ff69f02aa5a 15983->15984 15985 7ff69f02aea4 _invalid_parameter_noinfo 37 API calls 15984->15985 15986 7ff69f02aa66 15985->15986 15986->15970 15986->15971 15987->15986 15988 7ff69f0254c4 _set_fmode 11 API calls 15987->15988 15988->15984 16022 7ff69f03471c 15989->16022 15993 7ff69f02e9c1 16075 7ff69f02e4b0 15993->16075 15994 7ff69f02e96c 15994->15993 15995 7ff69f02e970 15994->15995 15996 7ff69f02e98c 15994->15996 15995->15970 16071 7ff69f02e76c 15996->16071 16000 7ff69f03471c 38 API calls 15999->16000 16001 7ff69f02e6de 16000->16001 16002 7ff69f034164 37 API calls 16001->16002 16003 7ff69f02e72e 16002->16003 16004 7ff69f02e732 16003->16004 16005 7ff69f02e76c 45 API calls 16003->16005 16004->15970 16005->16004 16007 7ff69f03471c 38 API calls 16006->16007 16008 7ff69f02e3ff 16007->16008 16009 7ff69f034164 37 API calls 16008->16009 16010 7ff69f02e457 16009->16010 16011 7ff69f02e45b 16010->16011 16012 7ff69f02e4b0 45 API calls 16010->16012 16011->15970 16012->16011 16014 7ff69f02e061 16013->16014 16015 7ff69f02e094 16013->16015 16016 7ff69f02add8 _invalid_parameter_noinfo 37 API calls 16014->16016 16017 7ff69f02e0ac 16015->16017 16019 7ff69f02e12d 16015->16019 16021 7ff69f02e08d __scrt_get_show_window_mode 16016->16021 16018 7ff69f02e3b4 46 API calls 16017->16018 16018->16021 16020 7ff69f024900 45 API calls 16019->16020 16019->16021 16020->16021 16021->15970 16023 7ff69f03476f 
fegetenv 16022->16023 16024 7ff69f03867c 37 API calls 16023->16024 16030 7ff69f0347c2 16024->16030 16025 7ff69f0347ef 16029 7ff69f02aa3c __std_exception_copy 37 API calls 16025->16029 16026 7ff69f0348b2 16027 7ff69f03867c 37 API calls 16026->16027 16028 7ff69f0348dc 16027->16028 16033 7ff69f03867c 37 API calls 16028->16033 16034 7ff69f03486d 16029->16034 16030->16026 16031 7ff69f0347dd 16030->16031 16032 7ff69f03488c 16030->16032 16031->16025 16031->16026 16037 7ff69f02aa3c __std_exception_copy 37 API calls 16032->16037 16035 7ff69f0348ed 16033->16035 16036 7ff69f035994 16034->16036 16041 7ff69f034875 16034->16041 16038 7ff69f038870 20 API calls 16035->16038 16039 7ff69f02aec4 _wfindfirst32i64 17 API calls 16036->16039 16037->16034 16048 7ff69f034956 __scrt_get_show_window_mode 16038->16048 16040 7ff69f0359a9 16039->16040 16042 7ff69f01bcc0 _wfindfirst32i64 8 API calls 16041->16042 16043 7ff69f02e911 16042->16043 16067 7ff69f034164 16043->16067 16044 7ff69f034cff __scrt_get_show_window_mode 16045 7ff69f03503f 16047 7ff69f034280 37 API calls 16045->16047 16046 7ff69f034997 memcpy_s 16060 7ff69f034df3 memcpy_s __scrt_get_show_window_mode 16046->16060 16065 7ff69f0352db memcpy_s __scrt_get_show_window_mode 16046->16065 16052 7ff69f035757 16047->16052 16048->16044 16048->16046 16051 7ff69f0254c4 _set_fmode 11 API calls 16048->16051 16049 7ff69f034feb 16049->16045 16050 7ff69f0359ac memcpy_s 37 API calls 16049->16050 16050->16045 16053 7ff69f034dd0 16051->16053 16056 7ff69f0359ac memcpy_s 37 API calls 16052->16056 16064 7ff69f0357b2 16052->16064 16054 7ff69f02aea4 _invalid_parameter_noinfo 37 API calls 16053->16054 16054->16046 16055 7ff69f035938 16057 7ff69f03867c 37 API calls 16055->16057 16056->16064 16057->16041 16058 7ff69f0254c4 11 API calls _set_fmode 16058->16060 16059 7ff69f0254c4 11 API calls _set_fmode 16059->16065 16060->16049 16060->16058 16062 7ff69f02aea4 37 API calls _invalid_parameter_noinfo 16060->16062 16061 7ff69f034280 37 API calls 16061->16064 

Control-flow Graph

[Control-flow graph 133 at 7ff69f036370; legend: Executed / Not Executed]
APIs
• _get_daylight.LIBCMT ref: 00007FF69F0363B5
  • Part of subcall function 00007FF69F035D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F035D1C
  • Part of subcall function 00007FF69F02AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF69F033392,?,?,?,00007FF69F0333CF,?,?,00000000,00007FF69F033895,?,?,00000000,00007FF69F0337C7), ref: 00007FF69F02AF22
  • Part of subcall function 00007FF69F02AF0C: GetLastError.KERNEL32(?,?,?,00007FF69F033392,?,?,?,00007FF69F0333CF,?,?,00000000,00007FF69F033895,?,?,00000000,00007FF69F0337C7), ref: 00007FF69F02AF2C
  • Part of subcall function 00007FF69F02AEC4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF69F02AEA3,?,?,?,?,?,00007FF69F0230CC), ref: 00007FF69F02AECD
  • Part of subcall function 00007FF69F02AEC4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69F02AEA3,?,?,?,?,?,00007FF69F0230CC), ref: 00007FF69F02AEF2
                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF69F0363A4
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F035D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F035D7C
                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF69F03661A
                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF69F03662B
                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF69F03663C
                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69F03687C), ref: 00007FF69F036663
                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                • Opcode ID: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
                                                                                                                                                                                                                                                • Instruction ID: 2fab69326fa5e270954a8682591520a6f41d61cd93790e61a414183bce014a8e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1D1E122F0821286EB34DF22D8709B967A9FF44798F828175EA4DC3A95DFBCE441C740

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                                                                                                                                • Opcode ID: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                                • Instruction ID: 26a4a8dcd58a9c2cbb492fc672154e79459ea547a558119777c23c5af75f2d2a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8C1B337B28A4285EB20CF69C4A06BC3765FB49BA8B425275DE2E973D5DF78D056C300

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF69F01154F), ref: 00007FF69F0179E7
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F017B60: GetEnvironmentVariableW.KERNEL32(00007FF69F013A1F), ref: 00007FF69F017B9A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F017B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF69F017BB7
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F027DEC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F027E05
                                                                                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32 ref: 00007FF69F017AA1
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F012B30: MessageBoxW.USER32 ref: 00007FF69F012C05
                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                                                • Opcode ID: a027e6aea258c43f07e2bc9a46543fc38ad0f37717e376dcca62c7854c850c7b
                                                                                                                                                                                                                                                • Instruction ID: f7e9411ccb5fdc2af9929f8f829ade3256124bd2a76947be30de78725e69e137
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a027e6aea258c43f07e2bc9a46543fc38ad0f37717e376dcca62c7854c850c7b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F951B811B0924381FE74B762A8716FAA399DF89BC4F4644B1ED0ECB797DE2DE5028210

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF69F03661A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F035D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F035D7C
                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF69F03662B
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F035D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F035D1C
                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF69F03663C
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F035D38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F035D4C
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F02AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF69F033392,?,?,?,00007FF69F0333CF,?,?,00000000,00007FF69F033895,?,?,00000000,00007FF69F0337C7), ref: 00007FF69F02AF22
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F02AF0C: GetLastError.KERNEL32(?,?,?,00007FF69F033392,?,?,?,00007FF69F0333CF,?,?,00000000,00007FF69F033895,?,?,00000000,00007FF69F0337C7), ref: 00007FF69F02AF2C
                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69F03687C), ref: 00007FF69F036663
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                • Opcode ID: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                                • Instruction ID: c12c25f59f770228c08f19a182ef8b6807be9aa3e891eb958eb6d8fdde98023c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7517132E1864286E734DF22E8B19B97768FF48788F824175EA4DC3A96DF7CE4518740

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                                                                                                                                • API String ID: 2030045667-3833288071
                                                                                                                                                                                                                                                • Opcode ID: bea1218080f229cfa34f42f7278fc204acd179b80b4e7937a704de77ccb1faf1
                                                                                                                                                                                                                                                • Instruction ID: 97ee013e1b3cffb0cb80bd81ae0a799ad1535259b4e3fb1c06bef9485546f7f9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bea1218080f229cfa34f42f7278fc204acd179b80b4e7937a704de77ccb1faf1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00519DA1B0964282EA349B15E8606B973ACFF45B9CF4644B1EE1C87796EF7CE245C700

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(0000000100000001,00007FF69F01414C,00007FF69F017911,?,00007FF69F017D26,?,00007FF69F011785), ref: 00007FF69F018990
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(?,00007FF69F017D26,?,00007FF69F011785), ref: 00007FF69F0189A1
                                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(?,00007FF69F017D26,?,00007FF69F011785), ref: 00007FF69F0189C3
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF69F017D26,?,00007FF69F011785), ref: 00007FF69F0189CD
                                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(?,00007FF69F017D26,?,00007FF69F011785), ref: 00007FF69F018A0A
                                                                                                                                                                                                                                                • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF69F018A1C
                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(?,00007FF69F017D26,?,00007FF69F011785), ref: 00007FF69F018A34
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00007FF69F017D26,?,00007FF69F011785), ref: 00007FF69F018A66
                                                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF69F018A8D
                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00007FF69F017D26,?,00007FF69F011785), ref: 00007FF69F018A9E
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                                                • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                                                • API String ID: 4998090-2855260032
                                                                                                                                                                                                                                                • Opcode ID: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                                                                                                                                • Instruction ID: 5561b88e24b28c2dc9634fd9d25d79323585eaf9cdbb9014fb4aef3ec696cfa1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C141B331718A8682E7309F50E8646AAB3A5FB84798F450231FA5E876D5DF7CE504C700

                                                                                                                                                                                                                                                Control-flow Graph

Similarity
• API ID: _fread_nolock$Message
• String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
• API String ID: 677216364-1384898525

Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
Similarity
• API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
• String ID: CreateProcessW$Error creating child process!
• API String ID: 2895956056-3524285272

APIs
  • Part of subcall function 00007FF69F013EC0: GetModuleFileNameW.KERNEL32(?,00007FF69F0139EA), ref: 00007FF69F013EF1
• SetDllDirectoryW.KERNEL32 ref: 00007FF69F013BE9
  • Part of subcall function 00007FF69F017B60: GetEnvironmentVariableW.KERNEL32(00007FF69F013A1F), ref: 00007FF69F017B9A
  • Part of subcall function 00007FF69F017B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF69F017BB7
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
Similarity
• API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
• String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
• API String ID: 2344891160-3602715111

Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
Similarity
• API ID: Message
• String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2030045667-1655038675

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                                • Opcode ID: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                                                                                                                                • Instruction ID: f76f368b8695bf29175d9aa283ee2c7f883ca8c99dd2cbcbf47df833814aa6f3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3C1F522A0C78681E7709B5594606FD7798EF81BA4F5781B1D94E87392CF7EE84B8320

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF69F02D50B), ref: 00007FF69F02D63C
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF69F02D50B), ref: 00007FF69F02D6C7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                                                                                                • Opcode ID: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                                                                                                                                • Instruction ID: 091d48ce72d106db12a36c7280c9958ddffff2ce7096f8aba3303382c2b40c4f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4391F562F1965285F7708F2594642FD2BA8FB40B88F1641B9DE4E97A84DF3DD843C320

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                                                                                • Opcode ID: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
                                                                                                                                                                                                                                                • Instruction ID: 1a6119f6a1a153d2c83c88363ec8793f596bea39d6777140a7f6d99ce0041555
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B51F672F142128AFB34DF2499656FC27AAEB503A9F520175DD1E92AE5DF39A402C700

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2780335769-0
                                                                                                                                                                                                                                                • Opcode ID: 76a0635d5597b22ce5d2941ff6046abd28e8f163941117926f9164ef5776c06c
                                                                                                                                                                                                                                                • Instruction ID: d7a0afa0d702f3a67928a2a6621b244f246356aacb78fd8edc347459ee444ad2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76a0635d5597b22ce5d2941ff6046abd28e8f163941117926f9164ef5776c06c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C51AF62E086418AFB20DF70D4603BD73A9EF48B68F128575DE4D87689DF39D4828324
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1452418845-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1279662727-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69F025911), ref: 00007FF69F025A2F
                                                                                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69F025911), ref: 00007FF69F025A45
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1707611234-0
APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF69F033392,?,?,?,00007FF69F0333CF,?,?,00000000,00007FF69F033895,?,?,00000000,00007FF69F0337C7), ref: 00007FF69F02AF22
• GetLastError.KERNEL32(?,?,?,00007FF69F033392,?,?,?,00007FF69F0333CF,?,?,00000000,00007FF69F033895,?,?,00000000,00007FF69F0337C7), ref: 00007FF69F02AF2C
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
APIs
• CloseHandle.KERNELBASE(?,?,?,00007FF69F02AF99,?,?,00000000,00007FF69F02B04E), ref: 00007FF69F02B18A
• GetLastError.KERNEL32(?,?,?,00007FF69F02AF99,?,?,00000000,00007FF69F02B04E), ref: 00007FF69F02B194
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: _fread_nolock
• String ID:
• API String ID: 840049012-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF69F02B9A6,?,?,?,00007FF69F02AB67,?,?,00000000,00007FF69F02AE02), ref: 00007FF69F02F1AD
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF69F020D24,?,?,?,00007FF69F022236,?,?,?,?,?,00007FF69F023829), ref: 00007FF69F02DBFA
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressProc
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                • API String ID: 190572456-2208601799
                                                                                                                                                                                                                                                • Opcode ID: 7c721144a29f82c0df2178d2ac20e82e85a8926ad6b3cde14d1131664071774a
                                                                                                                                                                                                                                                • Instruction ID: fd82de45e7792958e8e6432838ff358e2e21decef6a42f17cf8f94492ca3c51d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c721144a29f82c0df2178d2ac20e82e85a8926ad6b3cde14d1131664071774a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9E1E264B0EB0790FA359B05ACB057477AEEF18748B8651B9D85E863A4FFBCF558C200
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                                                • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                                                • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                                                • Opcode ID: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                                • Instruction ID: aef5c61e917ff6dab57da0bcc185b904d608342f6ec6baf5be6666ef2dd82ef8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EBA17B76608B8587E724CF12E564B9AB374F788B88F514125EB9D83B24CFBDE164CB40
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                • Opcode ID: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                                • Instruction ID: 68f61badeecbc8fdf7b3a0bbb2e93da9a6b002c3b7881e110d5701b8aca66bcd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CEB2F576F182928BEB748F24D460BFD77A9FB44388F511175DA0D9BA94DFB8A900CB40
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00007FF69F012A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F018587
                                                                                                                                                                                                                                                • FormatMessageW.KERNEL32 ref: 00007FF69F0185B6
                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 00007FF69F01860C
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F0129E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF69F0187F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F012A14
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F0129E0: MessageBoxW.USER32 ref: 00007FF69F012AF0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                                • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                                                • Opcode ID: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                                • Instruction ID: 8f06adbae1659d85c5682a7c235dd1a5121331bd1167cf9fcd59f2b7e4c5e515
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08218E71B1CA4681FB309B15E86566A73A8FF88388F860175EA4DC36A4EFBCE155C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2227656907-0
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy_s
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1502251526-0
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 15204871-0
                                                                                                                                                                                                                                                • Opcode ID: b4cdb5d9b405a5f2b155a4653528c407a9956d0b6218a393af626003cf1b5a24
                                                                                                                                                                                                                                                • Instruction ID: ac7eb8bedb66bf44011fc5bd9cc9457c3e949474cf6d2dd18fb0648f4269c976
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4cdb5d9b405a5f2b155a4653528c407a9956d0b6218a393af626003cf1b5a24
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1B1AB77600B898BEB25CF29C84676C3BA0F784B58F168961DB6D837A4CF7AD451C700
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                                • Opcode ID: 61dd1ed1e1c953fe7bf24916078f2f4a3db137be7e9bcdd6edf362509e7e8552
                                                                                                                                                                                                                                                • Instruction ID: 6ca684580fe1ca3b1d30a392f288eb5d56e9022192b0b27a1cfb41ffa5cde20a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61dd1ed1e1c953fe7bf24916078f2f4a3db137be7e9bcdd6edf362509e7e8552
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48F0AF72A1C68586F7B08F64F4A976A73A4FB8472CF450335EA6D426D4DF7CD1588A00
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: $
                                                                                                                                                                                                                                                • API String ID: 0-227171996
                                                                                                                                                                                                                                                • Opcode ID: 631a3e48eb673e1850d57232dc56befdf755ff5fd67b38a64b6ca9c49a913018
                                                                                                                                                                                                                                                • Instruction ID: 0b11ac5b19873cc0c59f0003fe4b62fb602b45011437afcb09635c5d0b0e967b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 631a3e48eb673e1850d57232dc56befdf755ff5fd67b38a64b6ca9c49a913018
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7E1C532A0864682EB788E2990601BD33A8FF45B68F665175DE4E877D4DF3BE853C710
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: e+000$gfff
                                                                                                                                                                                                                                                • API String ID: 0-3030954782
                                                                                                                                                                                                                                                • Opcode ID: 95f5c728ca916dfdd01defb08dd518f9d9b28e517fc4b7b4370436378f7798ef
                                                                                                                                                                                                                                                • Instruction ID: 681336949169a38e6e8538a31df7a102f8f6260e14af2fe09b85ecdd5599d36f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95f5c728ca916dfdd01defb08dd518f9d9b28e517fc4b7b4370436378f7798ef
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C551AB22B182D142EB348F3598247A9BB95F744B94F4AC2B1CBAC87BC5DF3ED0428710
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1010374628-0
                                                                                                                                                                                                                                                • Opcode ID: 4b7c577155937df3467bd9cdd4550942c9176b8fc8785c5dc3f7c97a7b0e1b3f
                                                                                                                                                                                                                                                • Instruction ID: c21a9577cba046ac1604afbb5d8ffdcd1114668917174767d38785c66c1a59b6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b7c577155937df3467bd9cdd4550942c9176b8fc8785c5dc3f7c97a7b0e1b3f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2302A021F0D64340FA71AB229430ABD279CEF49BA0F4746B5DD6DC67DADEBDA4128310
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: gfffffff
                                                                                                                                                                                                                                                • API String ID: 0-1523873471
                                                                                                                                                                                                                                                • Opcode ID: da57d4f04fe3a59080078ae7a8b70c1646e0beb0550e210eb96496c016bfbe06
                                                                                                                                                                                                                                                • Instruction ID: b8fb4ffe6ccdcad76a185ae74200f8449390e668be1fd14624130940e9ab03c1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da57d4f04fe3a59080078ae7a8b70c1646e0beb0550e210eb96496c016bfbe06
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6A14573A0878586EB31CB25A4607ED7F99EB50B84F068172DE8E87781DE3EE506C711
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID: TMP
                                                                                                                                                                                                                                                • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                                • Opcode ID: cf0abd2c7e4acdbc7dd987358b9028f2a59d8daca936b72b1b12d96a797a3aac
                                                                                                                                                                                                                                                • Instruction ID: e1281f4f6987d6be297f3ed2a3ef8c833703a64467c5861375fb1cdd653c2fa2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf0abd2c7e4acdbc7dd987358b9028f2a59d8daca936b72b1b12d96a797a3aac
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A251C419F0864241FA78A72659325FA53D9EF84BC4F5A40B6DE0DC77D6EE3EE4238210
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                                                                                • Opcode ID: 2a498131316ba0cf2da72d1126b97be92acaa4b08e35d008cc1bd8d186f782f7
                                                                                                                                                                                                                                                • Instruction ID: 301903cfa2c9eb4ee2d8951fc2c5c19f8688bef019e7e875d7cdfed09ebee9f1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a498131316ba0cf2da72d1126b97be92acaa4b08e35d008cc1bd8d186f782f7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EEB09220E0BA46C2EB582B126CA621423A8BF48B04F9640B8C10CC1320DE6C20B54700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 208e6a978d65b3df04c2d2163cfe11b9ca3e791e60348233d6b397c6ac133608
                                                                                                                                                                                                                                                • Instruction ID: a9a81ec1d840a0c6e73fbbc8780746a7a6f0e106736937a4821873eab71a6c03
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 208e6a978d65b3df04c2d2163cfe11b9ca3e791e60348233d6b397c6ac133608
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AD1D462E0864285EB788B2980602BD67A8EF05B68F165275CE0D877D5DF3FE847C360
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 926518188b614a96dab23eca74cd6fab0ac352dd7b9dabb22d14e7e66e5c8c54
                                                                                                                                                                                                                                                • Instruction ID: 8f7d3517dbe8054d33b2298a5b679fd0ef83353afa93192d62776e1a2b7c64d3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 926518188b614a96dab23eca74cd6fab0ac352dd7b9dabb22d14e7e66e5c8c54
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18C134322142F08BD699EB29E86947A33E5F7A930DBD5403BEB874B785CA3CE414D750
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cbef8b130d79a7ad9bd62ede7a83548c92a3f011a0e32d449ba268992e3839f7
                                                                                                                                                                                                                                                • Instruction ID: 3917c3299edcfe9e6ef14b43539afd6ea97b68692fe8446a6eb49b5044c8b0f3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbef8b130d79a7ad9bd62ede7a83548c92a3f011a0e32d449ba268992e3839f7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A519076A1869186EB348B29C0603B867A9EB45B58F364171CE4D977A4CF3BE843C790
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8494ecf62f03c1d3943c1d589e4c29644468de266d09ee5189585ab02985f6c2
                                                                                                                                                                                                                                                • Instruction ID: df306f558e11f1b0ed587e0dd5deb8e3c86c81c922c403a2ff39205722298940
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8494ecf62f03c1d3943c1d589e4c29644468de266d09ee5189585ab02985f6c2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B951AE36A1865182F7348B69C0606BC27A9EB58B58F2A4171CF4C97798CF3BE853C750
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d4595b9fb9fef9db7488d00d8b5cf28c2737f3b7c2e6c847ec82cdef55389f28
                                                                                                                                                                                                                                                • Instruction ID: 85508ea4beca16bc67eb74ec2eeb6ceb2a1fb798cc1ac1b9d9ec2e1e165b6466
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4595b9fb9fef9db7488d00d8b5cf28c2737f3b7c2e6c847ec82cdef55389f28
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00516076A18651C6EB348B29D0602B837A9EB48B58F364171CE4D97798CF3BE843C790
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                • Instruction ID: 2539cf4a3c2ace443ea4ca290490d82f2a740d36a92af7b7ebc3cb246f675bc0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C41E152E0D78E44E9F18A1C09206F52788EF22BA8D5A53F5DDDD977D3CC0F2A878220
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 485612231-0
                                                                                                                                                                                                                                                • Opcode ID: 2970ddd5f501fe71afef01217e103934546d8fb7f20af68bec1b913dc8647c23
                                                                                                                                                                                                                                                • Instruction ID: fb499f3c64c7dcff4d240ca6ab6128ee20426b82017b63e824a33e37e0cf1c2a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2970ddd5f501fe71afef01217e103934546d8fb7f20af68bec1b913dc8647c23
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6941F872714A5581FF24CF2AD9245A9B3A5F748FE0B0A9036DE0DC7B58DE3DD1868300
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: d2b002bbc49f8edc76fb8066870c38d7afee558bd2249c300808c44e7bc92a50
                                                                                                                                                                                                                                                • Instruction ID: 3835478596cfeb3a86438a337dab8f4f19d5ea69ddaba41175dd2fbd9b57b9a9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2b002bbc49f8edc76fb8066870c38d7afee558bd2249c300808c44e7bc92a50
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8931D232B09B4242E774DB25A8501BD67E9EB84BA0F164279EE9D93BD6DF3CD0138314
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: dada551c461b21fdad657b6bac4cbdfad31b05eb9b59333086b2e0a15b162055
                                                                                                                                                                                                                                                • Instruction ID: 08ceb625073844bc9d98e69790087eef85150d58b0bc76322e907db7136a2d94
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dada551c461b21fdad657b6bac4cbdfad31b05eb9b59333086b2e0a15b162055
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0F06271B182958ADBA48F29A86262977D5F7483C0F80C4B9E68DC3F14DA7C90608F04
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 5749315d7b24dceccc8714b5042f108a7de79c1631c17c6a95dc8ed6b888950b
                                                                                                                                                                                                                                                • Instruction ID: c5c95e716b982d518fb076d6381dad3a423b8743692fc99b0e0e3914612caf9a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5749315d7b24dceccc8714b5042f108a7de79c1631c17c6a95dc8ed6b888950b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9A00265A0CD06D0E6758B10E8B44B03338FB5130CB9240B1E40DC10A09FFCE545C340
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressProc
• String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                • API String ID: 190572456-4266016200
                                                                                                                                                                                                                                                • Opcode ID: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                                • Instruction ID: cd878e72fb62b3568cecf4dc1eeb4c8c2dba22e2b42ee2c27bc730044e2a9d9f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C129165F0EB0390FA75CB04ACB057427A9EF15758B8695B5D81ECB2A4FFBCB548C240
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message_fread_nolock
                                                                                                                                                                                                                                                • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                                                                                                                                • API String ID: 3065259568-2316137593
                                                                                                                                                                                                                                                • Opcode ID: 28b72b6dd3b7326a990f9e3b11dd8638ee3f971b352538d2c25bb3e62b2d7916
                                                                                                                                                                                                                                                • Instruction ID: c5e881560bf8bce2cb4eacf4d18ca5ea113794e3c788d69de8964e01aea07686
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28b72b6dd3b7326a990f9e3b11dd8638ee3f971b352538d2c25bb3e62b2d7916
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68519061B0968346FA34A711A8706FA739CEF44B8CF424071EE4D87B9AEE7CE545C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                • String ID: P%
                                                                                                                                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                                • API String ID: 849930591-393685449
APIs
• FreeLibrary.KERNEL32(?,?,?,00007FF69F02F56A,?,?,000002A547737C28,00007FF69F02B317,?,?,?,00007FF69F02B20E,?,?,?,00007FF69F026452), ref: 00007FF69F02F34C
• GetProcAddress.KERNEL32(?,?,?,00007FF69F02F56A,?,?,000002A547737C28,00007FF69F02B317,?,?,?,00007FF69F02B20E,?,?,?,00007FF69F026452), ref: 00007FF69F02F358
Strings
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: api-ms-$ext-ms-
• API String ID: 3013587201-537541572
• Opcode ID: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
• Instruction ID: 246b62ede5c52f5d4d7bed86366e4d32d8a321ff877036c71106c5561718f444
• Opcode Fuzzy Hash: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
• Instruction Fuzzy Hash: 86414861B29A0241FA36CB169C205B52399FF49BE0F4B4175ED1DCB788EF3EE44A8310
APIs
• WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F018747
• WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F01879E
Strings
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: ByteCharMultiWide
• String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
• API String ID: 626452242-27947307
• Opcode ID: 3d8cc197ee630c3fb00dd31b72f24074ca9fe52add05c6a83a64952da4f63ba4
• Instruction ID: 8fbb515dd7623b06e7df0337f979603ef7d6240b07fa798baea72019872c6770
• Opcode Fuzzy Hash: 3d8cc197ee630c3fb00dd31b72f24074ca9fe52add05c6a83a64952da4f63ba4
• Instruction Fuzzy Hash: 9A41ED32B08B8282E770DF15B86117AB7A9FB84798F564175EA8D83B94DF3CD166C700
APIs
• WideCharToMultiByte.KERNEL32(?,00007FF69F0139EA), ref: 00007FF69F018C31
  • Part of subcall function 00007FF69F0129E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF69F0187F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F012A14
  • Part of subcall function 00007FF69F0129E0: MessageBoxW.USER32 ref: 00007FF69F012AF0
• WideCharToMultiByte.KERNEL32(?,00007FF69F0139EA), ref: 00007FF69F018CA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLastMessage
• String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
• API String ID: 3723044601-27947307
• Opcode ID: 93215b2962e715be9f5aa91d99be70836a612e16585fb8aee950a2577366c4a3
• Instruction ID: 9c3c2210b08f5c11f947992c1e94543cb6a5eba080fa0fdf8476d967ff678a1d
• Opcode Fuzzy Hash: 93215b2962e715be9f5aa91d99be70836a612e16585fb8aee950a2577366c4a3
• Instruction Fuzzy Hash: 6E218B31B0AB4685EB20DF26A86107973A9EB84B88F9A4175DA4DC3794EF7CE6118300
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: _invalid_parameter_noinfo$_fread_nolock
• String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
• API String ID: 3231891352-3501660386
• Opcode ID: 2240716bbe72ad784abe2b242e4c0a0e81a9ac30340f9e4326560e869a2db470
• Instruction ID: 571a148e8134339e90bb22ade1fa5cb107ef1fa5eb5774b8aaa6763655d96880
• Opcode Fuzzy Hash: 2240716bbe72ad784abe2b242e4c0a0e81a9ac30340f9e4326560e869a2db470
• Instruction Fuzzy Hash: CA51AC60B0E64345FA30AB25A9702F9739DDF85B88F4600B1EE2DC77DAEE2CE5058350
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF69F01E06A,?,?,?,00007FF69F01DD5C,?,?,00000001,00007FF69F01D979), ref: 00007FF69F01DE3D
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF69F01E06A,?,?,?,00007FF69F01DD5C,?,?,00000001,00007FF69F01D979), ref: 00007FF69F01DE4B
                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF69F01E06A,?,?,?,00007FF69F01DD5C,?,?,00000001,00007FF69F01D979), ref: 00007FF69F01DE75
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF69F01E06A,?,?,?,00007FF69F01DD5C,?,?,00000001,00007FF69F01D979), ref: 00007FF69F01DEBB
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF69F01E06A,?,?,?,00007FF69F01DD5C,?,?,00000001,00007FF69F01D979), ref: 00007FF69F01DEC7
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                • Opcode ID: fa40dd5a34ae4d0b6736a9b6b46f8404287a490a05e4db78c585315ae40f634e
                                                                                                                                                                                                                                                • Instruction ID: 87948b630ba82ae7e967b2be97a9105096bf098920c8462ff4ff1c12297037f8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fa40dd5a34ae4d0b6736a9b6b46f8404287a490a05e4db78c585315ae40f634e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD317021B1B64295EA31EB02A82057633D9FF58BA9F5B0575ED1D8A394DF7CE4458300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F018AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF69F012ABB), ref: 00007FF69F018B1A
                                                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF69F0179A1,00000000,?,00000000,00000000,?,00007FF69F01154F), ref: 00007FF69F01747F
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F012B30: MessageBoxW.USER32 ref: 00007FF69F012C05
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF69F0174DA
                                                                                                                                                                                                                                                • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF69F017493
                                                                                                                                                                                                                                                • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF69F017456
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                                • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                                • Opcode ID: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                                                                                                                                • Instruction ID: 06e643114d3ddf79a6d3f3fe76ead902c6b1dc90209f5fe944d33728601ad0ff
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e8575f0beacdb372a81e9debe9bb6d766e8e255e7029f60019f70bf69282784
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E319451F1D78281FB34E721E9753BA7399EF987C8F860471DA5EC2796EE6CE1048600
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF69F012ABB), ref: 00007FF69F018B1A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F0129E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF69F0187F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F012A14
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F0129E0: MessageBoxW.USER32 ref: 00007FF69F012AF0
                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF69F012ABB), ref: 00007FF69F018BA0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                                • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                                • Opcode ID: 2a7f0904e5ec1897560545d2159a663e9c273eaf1fea03a0d1ae7df506dc6c73
                                                                                                                                                                                                                                                • Instruction ID: 7f1d412af69d544a1fc3a320037606229db3764b93241a649fac2f85a230a749
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a7f0904e5ec1897560545d2159a663e9c273eaf1fea03a0d1ae7df506dc6c73
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B21A362B08A4681EB60DB29F861069B3A5FF847CCF5941B1DF4CC3B69EF2CD5518700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                                • Opcode ID: 5e25a57dc3899cb5d9e1114fbc8c557aa55031a2469902f6cab5e8a78f8e35b9
                                                                                                                                                                                                                                                • Instruction ID: 0829f3f1e64c646490f6b3fda497093f22de4f384cd5def573379697bcd9a3da
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e25a57dc3899cb5d9e1114fbc8c557aa55031a2469902f6cab5e8a78f8e35b9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1217964B0864342FA7867315A751B9639ADF447B0F1247B4E93EC7AE6DE2EA4024620
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF69F0254CD,?,?,?,?,00007FF69F02F1BF,?,?,00000000,00007FF69F02B9A6,?,?,?), ref: 00007FF69F02B897
                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF69F0254CD,?,?,?,?,00007FF69F02F1BF,?,?,00000000,00007FF69F02B9A6,?,?,?), ref: 00007FF69F02B8CD
                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF69F0254CD,?,?,?,?,00007FF69F02F1BF,?,?,00000000,00007FF69F02B9A6,?,?,?), ref: 00007FF69F02B8FA
                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF69F0254CD,?,?,?,?,00007FF69F02F1BF,?,?,00000000,00007FF69F02B9A6,?,?,?), ref: 00007FF69F02B90B
                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF69F0254CD,?,?,?,?,00007FF69F02F1BF,?,?,00000000,00007FF69F02B9A6,?,?,?), ref: 00007FF69F02B91C
                                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF69F0254CD,?,?,?,?,00007FF69F02F1BF,?,?,00000000,00007FF69F02B9A6,?,?,?), ref: 00007FF69F02B937
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                • String ID: csm$f
                                                                                                                                                                                                                                                • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF69F0187F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F012A14
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F018560: GetLastError.KERNEL32(00000000,00007FF69F012A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F018587
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F018560: FormatMessageW.KERNEL32 ref: 00007FF69F0185B6
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F018AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF69F012ABB), ref: 00007FF69F018B1A
                                                                                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF69F012AF0
                                                                                                                                                                                                                                                • MessageBoxA.USER32 ref: 00007FF69F012B0C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                • Opcode ID: bbe3d75c1d18d9b252fc65a249d413b32bc9fbcf71b4c61f8ce4d80949566840
                                                                                                                                                                                                                                                • Instruction ID: 805cc02684b517a72cfb9ae8b55f353cb46800059c574ed9332212ffa5945fec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bbe3d75c1d18d9b252fc65a249d413b32bc9fbcf71b4c61f8ce4d80949566840
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8FF0C261B0970281FB308B24ECA47795368EF48774F450279D56E861E4CF7DE489C310
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                                                                                • Opcode ID: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                                                                                                                                                                                                                                                • Instruction ID: 3f59521be645afb89d7308e0bdbc8479e20cd062d0efeffef3680498dae6c320
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F11C132E2CA0301F6741168E576B7D07AAEF54370E8606B4E96E863DACEFDA8414600
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF69F02AB67,?,?,00000000,00007FF69F02AE02,?,?,?,?,?,00007FF69F0230CC), ref: 00007FF69F02B96F
                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF69F02AB67,?,?,00000000,00007FF69F02AE02,?,?,?,?,?,00007FF69F0230CC), ref: 00007FF69F02B98E
                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF69F02AB67,?,?,00000000,00007FF69F02AE02,?,?,?,?,?,00007FF69F0230CC), ref: 00007FF69F02B9B6
                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF69F02AB67,?,?,00000000,00007FF69F02AE02,?,?,?,?,?,00007FF69F0230CC), ref: 00007FF69F02B9C7
                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF69F02AB67,?,?,00000000,00007FF69F02AE02,?,?,?,?,?,00007FF69F0230CC), ref: 00007FF69F02B9D8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                                • Opcode ID: 4fc6ccaa14371e387e5c22fb95057e46c3ade10dd54edcd3ce0e48e5b46d1de5
                                                                                                                                                                                                                                                • Instruction ID: bfebb4320dc27ba770e1d24b26f9916c4469c09eefbdc643f2538ac4c647db28
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4fc6ccaa14371e387e5c22fb95057e46c3ade10dd54edcd3ce0e48e5b46d1de5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC117F60F0824242FA789736A9711B96349EF453F0F0643B4ED7DC67D6DE2DE4438620
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                                • Opcode ID: 64fe73475c7f3c5e3ff0e30dd8e21900901c314ca9004384e47b330d372873f3
                                                                                                                                                                                                                                                • Instruction ID: 5bd2f318e49d8a6816a7e34b03df3193629f2f7255e861f8f175717c3c2a955e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 64fe73475c7f3c5e3ff0e30dd8e21900901c314ca9004384e47b330d372873f3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B1109A0F1920742F978677158711FA2389DF453B0F5A47B4D93ECA2D3EE2EB4038621
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID: verbose
                                                                                                                                                                                                                                                • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                • Opcode ID: ad3fface7d4b2ce3aa9510f497705372120eac90acd968bb25d3a192cbea6c12
                                                                                                                                                                                                                                                • Instruction ID: ca319ba08ad9554de5e14ed3602dc92a7d14c9f595490720f8d49bbe5a2ab5bc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad3fface7d4b2ce3aa9510f497705372120eac90acd968bb25d3a192cbea6c12
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4591C122A0864681FB318E25D4747BD77A9FB40B5CF8641B6DA9D873C5DE3EE8438720
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                • Opcode ID: 1a54e2a2b62d6839c513ace75884cea9e48035532f3c44be9a18c4b4dcf643eb
                                                                                                                                                                                                                                                • Instruction ID: f8bf2b95e8ccdc5aef060060ac6abd89b93d5b602aee6e84d3574a45bbe9bf02
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a54e2a2b62d6839c513ace75884cea9e48035532f3c44be9a18c4b4dcf643eb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B181D575E0A60285F7744F298230A7C3798EB10B8CF5780B5CA4AD7299DFADF8218B41
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                • Opcode ID: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                                                                                                                                • Instruction ID: 4335050efeb8d2739fe0ad2e64b507fa425971136eec11da60329daf281536d9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81618732B18A858AEB208F65D4903AD7BA4FB48B8CF054265EF4D57B99DF38E185C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                • Opcode ID: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                                                                                                                                • Instruction ID: 22d491aaca63eae1bccad1301855f23d6558a7d534de42d36e9ea64c761961f3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A51BF72A1828286EB748F11916436877A8FB84B9EF1541B5DB9DC7B85CF3CF4A0C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                                • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                                                • Opcode ID: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                                • Instruction ID: ae797262793ed535c019a1f144d13a01fce1acbb1efe4eae6b9fab3178854a5f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4931797272868181E630D710F4616EAB3A8FF847C8F814176E68D87A99DF7CD705CB40
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF69F0139EA), ref: 00007FF69F013EF1
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F0129E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF69F0187F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69F01101D), ref: 00007FF69F012A14
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F0129E0: MessageBoxW.USER32 ref: 00007FF69F012AF0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                                • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                                                • Opcode ID: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                                • Instruction ID: 33eea1d19960ba3a4586e8c91dc4c894a93eb088e03667366a2a981f87747692
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28017161B2968280FA709721E8757B523A9EF5C78CF820475E84DC6292EE5CE149C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                                                                                                • Opcode ID: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                                • Instruction ID: fcba1e4cb0a94985bd7a0ad5b28eb333fce96050cf9b57d7151aeaf14d8c98db
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CED13372B18A8089E720CF79D4502EC37B9FB44BA8B518276DE5DA7B89DE39D507C310
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                                                                                                                                • Opcode ID: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                                • Instruction ID: fdb16d8ee4b92424c43ed3744ef4211bd4f62f2886d8cc2a48dc61fd66a26608
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4911CC61F0815242F774976AF7546B9739AEF84B8CF4680B0EA4D87B9DCD7CD5C14600
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                • Opcode ID: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                                • Instruction ID: d4910f7cf3dc9a95b7276bcbce23c5a71515a271f43c734661d04b0b45201a3a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC412612E0828242FB388B25E565F7A6768EF80BA8F154275EE9C87AD9DE7CD441C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF69F0295D6
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F02AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF69F033392,?,?,?,00007FF69F0333CF,?,?,00000000,00007FF69F033895,?,?,00000000,00007FF69F0337C7), ref: 00007FF69F02AF22
                                                                                                                                                                                                                                                  • Part of subcall function 00007FF69F02AF0C: GetLastError.KERNEL32(?,?,?,00007FF69F033392,?,?,?,00007FF69F0333CF,?,?,00000000,00007FF69F033895,?,?,00000000,00007FF69F0337C7), ref: 00007FF69F02AF2C
                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69F01BFE5), ref: 00007FF69F0295F4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop\hSyJxPUUDx.exe
                                                                                                                                                                                                                                                • API String ID: 3580290477-1916828411
                                                                                                                                                                                                                                                • Opcode ID: 72bea691884ec75b0bcc04dadd89fc5e2ba2839e886db2c4c4036b89f533388c
                                                                                                                                                                                                                                                • Instruction ID: 2e91d18d4aa28e3e496690d43a100faeb049d5ed0a304fe0f75b2aa02c59f2f7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72bea691884ec75b0bcc04dadd89fc5e2ba2839e886db2c4c4036b89f533388c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D417D76A08B128AEB74DF2294600FD2798FF847D4B564075E94EC7B85DE3EE492C320
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                • String ID: Error detected
                                                                                                                                                                                                                                                • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                                • String ID: Fatal error detected
                                                                                                                                                                                                                                                • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                • Opcode ID: 010ed9957d99c3a93ebfd805af8ad73f2bfdfbf7bf3eba5be717857b77bb313e
                                                                                                                                                                                                                                                • Instruction ID: 5373634c2584eefcce165dac430ede3b243a3c22157b3762fc4ea2f6969b7172
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 010ed9957d99c3a93ebfd805af8ad73f2bfdfbf7bf3eba5be717857b77bb313e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE113D32618B4182EB618F15F45026A77E9FB88B88F594274EE8C87759EF3CD551CB00
Memory Dump Source
• Source File: 00000000.00000002.3573716347.00007FF69F011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69F010000, based on PE: true
• Associated: 00000000.00000002.3573689657.00007FF69F010000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573756855.00007FF69F03B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F04E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573784873.00007FF69F050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F052000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F057000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3573839574.00007FF69F066000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff69f010000_hSyJxPUUDx.jbxd
Similarity
• API ID: DriveType_invalid_parameter_noinfo
• String ID: :
• API String ID: 2595371189-336475711
• Opcode ID: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
• Instruction ID: 8142bd7fffe16a544d95cb8aeafcc84df685dfcdac9dd5c2ee2ab8dafd5e0df5
• Opcode Fuzzy Hash: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
• Instruction Fuzzy Hash: EC01A2A1E1C20686FB30AF6098716BE63A8EF8570DF830075D94DC6691EF7CE655CA14

Execution Graph

Execution Coverage: 0%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 2
Total number of Limit Nodes: 0
execution_graph 56033 7ffe756f1490 GetSystemInfo 56034 7ffe756f14c4 56033->56034

Control-flow Graph

Memory Dump Source
• Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
• Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
Similarity
• API ID: InfoSystem
• String ID:
• API String ID: 31276548-0
• Opcode ID: 92d82e4b214818c158f58746d604a038a40c5e57c576eefab9a689c2dc8594a3
• Instruction ID: f9ba3241b6b0b986532a6ea29bcabf6afef8b71e33dcf87a9640972b48b666e2
• Opcode Fuzzy Hash: 92d82e4b214818c158f58746d604a038a40c5e57c576eefab9a689c2dc8594a3
• Instruction Fuzzy Hash: 1BA107A6E2EB4782FE588B85E41037A6291BF55F84F140539C96E0A3F0DF7CE4918380

Control-flow Graph

Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Arg_CryptError@@Keywords_ParamParseProvSizeTupleU_object@@Win_
• String ID: Algid$BitLen$CryptGetProvParam$CryptGetProvParam: Unable to allocate %d bytes$DefaultLen$LongName$MaxLen$MinLen$Name$Protocols$The provider parameter specified is not yet implemented$k|k:CryptGetProvParam${s:I,s:k,s:N}${s:I,s:k,s:k,s:k,s:k,s:N,s:N}
• API String ID: 3402344487-1526417634
• Opcode ID: 64309e5954085b53396aad154ef7aaad2a5761a9f961f8c1f8a6f8d5381864ba
• Instruction ID: 431c2f724e2a1ee2db4f735cafe1bb50d361658b3f2547de1cf45d92a20769d0
• Opcode Fuzzy Hash: 64309e5954085b53396aad154ef7aaad2a5761a9f961f8c1f8a6f8d5381864ba
• Instruction Fuzzy Hash: 82022C32A2C642CAEB518F65E8945BD37A4FB88B98F540535CAAE53B64DF3CE50D8700

Control-flow Graph

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_ReferenceThreadfree$CertErr_$BufferBuildCertificateContextCryptDecodeError@@FreeMessageOccurredRestoreSaveU_object@@ValueView@@Win_$Arg_Bytes_CloseFromKeywordsMemoryParseSizeStoreStringTupleU_object@@_malloc
                                                                                                                                                                                                                                                • String ID: CryptDecodeMessage$Decoded$InnerContentType$MsgType$OO|Okkkl:CryptDecodeMessage$SignerCert$XchgCert${s:k,s:k,s:N,s:N,s:N}${s:k,s:k,s:O,s:N,s:N}
                                                                                                                                                                                                                                                • API String ID: 4057531286-845939780
                                                                                                                                                                                                                                                • Opcode ID: d163da28cbbd00dbaa565c0461f76f4231509ddc6b3ca79b9bb0bb6c89bbec9d
                                                                                                                                                                                                                                                • Instruction ID: 8c68d0225461f8147f00188943d7211f277c9c58d1f077203cacc021f08439b6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d163da28cbbd00dbaa565c0461f76f4231509ddc6b3ca79b9bb0bb6c89bbec9d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7F1E436A2DB41CAE7118F65E8805B977B8FB88B88F544136DBAD13B68DF38D558C700

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Eval_Thread$CertCertificateContextErr_U_object@@free$BufferCryptDeallocEncryptError@@FreeMessageRestoreSaveView@@Win_malloc$Arg_DuplicateFormatKeywordsMemoryParseSequence_StringTupleTuple@@U_object@@_memset
• String ID: CryptEncryptMessage$CryptEncryptMessage: Unable to allocate %d bytes$OOO:CryptEncryptMessage$Object must be of type PyCERT_CONTEXT$The certificate context has been closed
• API String ID: 512897165-3430610400
• Opcode ID: 529fe1ca38a6c0d506bb8ae2216e6dc18d2c8dfab7fcf6eccc285540f5b0a2be
• Instruction ID: 877e3f18100be32a7bd130594f5d115e02a3e3e2a93e59dec6e652da66047cfd
• Opcode Fuzzy Hash: 529fe1ca38a6c0d506bb8ae2216e6dc18d2c8dfab7fcf6eccc285540f5b0a2be
• Instruction Fuzzy Hash: D9A12936B2DA42CAEB119F65E89027D33A5BB84B98B540135DFAE43A64DF38E54DC340

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Err_$Format$strcmp$Eval_StringThread$Arg_Bytes_ClearCryptEncodeError@@FreeKeywordsLocalLong_ObjectOccurredParseRestoreSaveTupleU_object@@VoidWin_freemalloc
• String ID: %d is an invalid value for object identifier$2.5.29.15$2.5.29.37$CryptDecodeObjectEx$CryptEncodeObjectEx: Type %d is not yet supported$CryptEncodeObjectEx: Type %s is not yet supported$EncodePara not yet supported$OO|kkO:CryptEncodeObjectEx$Unable to allocate %d bytes
• API String ID: 3441675147-238870163
• Opcode ID: c7ffe5899ebcaf9878d4f7cc2bd2bb8ef3adad906e030075b678c1cdf3a73c12
• Instruction ID: 67b66f16ead86adc1e85a60f703feba9139582570dc2a4edabcbe755510ccdc8
• Opcode Fuzzy Hash: c7ffe5899ebcaf9878d4f7cc2bd2bb8ef3adad906e030075b678c1cdf3a73c12
• Instruction Fuzzy Hash: 11810526A2DB02C5EB559B56E4A427963A8BB85B90F440035DAFE03775EF3CE94DC300

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferErr_Eval_ThreadView@@$Arg_BuildCryptError@@KeywordsMessageOccurredParseRestoreSaveSignatureStringTupleU_object@@U_object@@_ValueVerifyWin_free
                                                                                                                                                                                                                                                • String ID: CryptVerifyMessageSignature$Decoded$O|kOl:CryptVerifyMessageSignature$SignerCert${s:N, s:N}${s:N, s:O}
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$BufferEval_StringThreadView@@free$Arg_CertCloseCryptDecryptError@@KeywordsMemoryMessageParseRestoreSaveSignatureStoreTupleU_object@@U_object@@_VerifyWin_malloc
                                                                                                                                                                                                                                                • String ID: CryptDecryptAndVerifyMessageSignature$Decrypted$OO|Ok:CryptDecryptAndVerifyMessageSignature$SignerCert$XchgCert${s:N,s:N,s:N}
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressProc$CriticalSection$AllocDeleteFreeHandleInitializeLibraryLoadModule
                                                                                                                                                                                                                                                • String ID: AddAccessAllowedAce$AddAccessAllowedAceEx$AddAccessAllowedObjectAce$AddAccessDeniedAce$AddAccessDeniedAceEx$AddAccessDeniedObjectAce$AddAuditAccessAceEx$AddAuditAccessObjectAce$AddMandatoryAce$AdvAPI32.dll$SetSecurityDescriptorControl
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Eval_FormatThread$U_object@@$BufferCryptError@@ObjectRestoreSaveStringView@@Win_$Arg_Bytes_ClearFromKeywordsLong_Object_OccurredParseTupleU_object@@_Voidfreemalloc
                                                                                                                                                                                                                                                • String ID: %d is an invalid value for object identifier$CryptFormatObject$FormatStruct must be None$OO|kkkO:CryptFormatObject$Unable to allocate %d bytes
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$CryptEnumProviderRestoreSaveTypes$DeallocList_$AppendBuildErr_ErrorError@@LastOccurredU_object@@ValueWin_freemalloc
                                                                                                                                                                                                                                                • String ID: CryptEnumProviderTypes$Unable to allocate %d bytes
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$CryptEnumProvidersRestoreSave$DeallocList_$AppendBuildErr_ErrorError@@LastOccurredU_object@@ValueWin_freemalloc
                                                                                                                                                                                                                                                • String ID: CryptEnumProviders$CryptEnumProviders: Unable to allocate %d bytes
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferEval_ThreadU_object@@View@@$?init@Arg_CryptErr_Error@@FormatFreeKeywordsMem_ObjectObject_ParseQueryRestoreSaveTupleU_object@@_Win_
                                                                                                                                                                                                                                                • String ID: CertStore$ContentType$Context$CryptQueryObject$FormatType$Invalid input type specified: %d$Msg$MsgAndCertEncodingType$kO|kkk:CryptQueryObject${s:k,s:k,s:k,s:N,s:N,s:N}
                                                                                                                                                                                                                                                • API String ID: 3250035249-912245876
                                                                                                                                                                                                                                                • Opcode ID: 3c700aca4513e32823a25b9eb829c43ed6e481c25d84d293043193917cdf516e
                                                                                                                                                                                                                                                • Instruction ID: a2757b1b62460354a3a1ed8c8cebd58ea25bac5b767642520046f3c9ad3dd74f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c700aca4513e32823a25b9eb829c43ed6e481c25d84d293043193917cdf516e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12910636A2CB51CAE7118F65E8845BD77B8FB88B84B500136DBAD53B68DF38D549CB00
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: free$BufferCertCertificateContextEval_FreeThreadView@@$Arg_CryptEncryptError@@KeywordsMessageParseRestoreSaveSignTupleU_object@@U_object@@_Win_
                                                                                                                                                                                                                                                • String ID: CryptSignAndEncryptMessage$CryptSignAndEncryptMessage: Unable to allocate %d bytes$OOOO:CryptSignAndEncryptMessage
                                                                                                                                                                                                                                                • API String ID: 1590729463-3614423056
                                                                                                                                                                                                                                                • Opcode ID: 239f375182654795358999987579b53576f826ef8bffa5071aca2865b7c6ac64
                                                                                                                                                                                                                                                • Instruction ID: 38b61bd900ce94632d4be5f60cf24bed10774df2e4f5b8c5eb2130e49aa5f895
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 239f375182654795358999987579b53576f826ef8bffa5071aca2865b7c6ac64
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B912C27A2CA82CAE751CF65E8806BD3364FB85B98F105135EF9D53A68DF3CD5498700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferErr_Eval_ThreadView@@$Arg_CertCloseCryptDecryptError@@KeywordsMemoryMessageParseRestoreSaveStoreStringTupleU_object@@U_object@@_Win_freemalloc
                                                                                                                                                                                                                                                • String ID: CryptDecryptMessage$OO:CryptDecryptMessage
                                                                                                                                                                                                                                                • API String ID: 4010548360-3813015564
                                                                                                                                                                                                                                                • Opcode ID: 50e9eda5e6033dbedc52eb2204c7938d838bd99b7398df8f5a63460488bb921c
                                                                                                                                                                                                                                                • Instruction ID: a0a6b21d07dcead38de659419c369a5f27da5f24cb2214e4740953f8157264bb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50e9eda5e6033dbedc52eb2204c7938d838bd99b7398df8f5a63460488bb921c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F712B26B2DA42C9E7118F65E8846BD33B4FB88B88B444535DE9E13B68DF3CD54D8300
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Free$Object_$Eval_FromLocalStringThreadU_object@@U_object@@_$Arg_BuildBytes_CryptDataErr_Error@@KeywordsParseRestoreSaveSizeTupleUnprotectValueWin_
                                                                                                                                                                                                                                                • String ID: CryptUnprotectData$O|OOOk:CryptUnprotectData$Reserved must be None
                                                                                                                                                                                                                                                • API String ID: 674621842-630361847
                                                                                                                                                                                                                                                • Opcode ID: 6cf97d5be01032a5b4a6814b7cd156d1401dc3840642159212fd2e8e79a9204a
                                                                                                                                                                                                                                                • Instruction ID: 325f3d43a15cdbe636a8fda9dc2c1d754366ab7883cf0d5c2cc807544ae62a69
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6cf97d5be01032a5b4a6814b7cd156d1401dc3840642159212fd2e8e79a9204a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD710737A1CB52C6EB108F65E8841AD77A9FB89B94F140136EB9D53B28DF38D549C700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: free$Err_$Eval_FormatThreadU_object@@malloc$Arg_CertCertificateContextCryptDeallocError@@FreeKeywordsMessageParseRestoreSaveSequence_SignStringTupleTuple@@Win_
                                                                                                                                                                                                                                                • String ID: CryptSignMessage$CryptSignMessage: Unable to allocate %d bytes$OO|l:CryptSignMessage
                                                                                                                                                                                                                                                • API String ID: 1961361303-3191103349
                                                                                                                                                                                                                                                • Opcode ID: 59db3c28c2b40a1225f56b5dc5b6f373e8a176168129d93bd10413435ce0135a
                                                                                                                                                                                                                                                • Instruction ID: c9a4e9e17e4f2fd10940e36b9d22b1ea9941a811336f11010cb14a8f25dc74bb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59db3c28c2b40a1225f56b5dc5b6f373e8a176168129d93bd10413435ce0135a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88815B33B2DA42CAE7118F61E4902BD23A5BB88B88F544135DEAD53B68DF38E55DC740
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Free$Eval_Object_StringThreadU_object@@U_object@@_$Arg_Bytes_CryptDataErr_Error@@FromKeywordsLocalMem_ParseProtectRestoreSaveSizeTupleWin_
                                                                                                                                                                                                                                                • String ID: CryptProtectData$O|OOOOk:CryptProtectData$Reserved must be None
                                                                                                                                                                                                                                                • API String ID: 4097555971-1080424852
                                                                                                                                                                                                                                                • Opcode ID: dfeac7f367cd4dbf47f1f89f7407c5d8213639fdf11e2a5d5bfd716c43963354
                                                                                                                                                                                                                                                • Instruction ID: 2712b7d0a97cf9518377baf847928b41eb7dfb5955972d1bd521a17d57bff156
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dfeac7f367cd4dbf47f1f89f7407c5d8213639fdf11e2a5d5bfd716c43963354
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36711733A2CB52C6EB108B65E8805AD77B5FB89798F500135DB9D53A78DF38E589C700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$StringU_object@@$BinaryCryptError@@RestoreSaveWin_$Arg_Bytes_DeallocFreeFromKeywordsMem_Object_ParseSizeTuple
                                                                                                                                                                                                                                                • String ID: CryptStringToBinary$Nkk$Ok:CryptStringToBinary
                                                                                                                                                                                                                                                • API String ID: 1053293993-2329441234
                                                                                                                                                                                                                                                • Opcode ID: feb68fcab1a043b3069ef09b71838543b8b71f441e1ac1216f24882ce2965c5c
                                                                                                                                                                                                                                                • Instruction ID: 8e1cfffb757a100c34ca481e37ab618334486025ed7c6d7f2e66a4d8791f9f3d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: feb68fcab1a043b3069ef09b71838543b8b71f441e1ac1216f24882ce2965c5c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9410736A2CA52C6EB108F51E4845AE73A8FB89B90B554136DFAD43B24DF3DD94CCB40
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Arg_KeywordsParseTupleU_object@@_
                                                                                                                                                                                                                                                • String ID: CryptBinaryToString$Ok:CryptBinaryToString
                                                                                                                                                                                                                                                • API String ID: 1968207123-2641875766
                                                                                                                                                                                                                                                • Opcode ID: 57841d8985c3ce89111bd2f8777ae6a3c1a00830f2a32fa54898f0c50c713a21
                                                                                                                                                                                                                                                • Instruction ID: 7630c61dea29d5004bfb34622dde11a71d0c83dc9e0f7ffdea0e6e900b45efaa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57841d8985c3ce89111bd2f8777ae6a3c1a00830f2a32fa54898f0c50c713a21
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B411926A2CA82C6E7508B52E48867D73A8FB88B81F544431DBAE43734DE3DE94DC700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_String$Arg_Eval_ParseThreadTupleU_object@@$Bytes_CryptError@@FindInfoKeywordsLongLong_Object_OccurredRestoreSaveWin_
                                                                                                                                                                                                                                                • String ID: CryptFindOIDInfo$Key must be a tuple of 2 ints when KeyType is CRYPT_OID_INFO_SIGN_KEY$Unrecognized key type$kO|k
                                                                                                                                                                                                                                                • API String ID: 167753082-3539979041
                                                                                                                                                                                                                                                • Opcode ID: 4ac0c776bfce34d46c55ff558e4fd961344c98023f07967c6bb72fbcfcfd0e98
                                                                                                                                                                                                                                                • Instruction ID: 269167d5a39cd3eef428f420b891a33ffee86cef08b8791058a660b4a094119b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ac0c776bfce34d46c55ff558e4fd961344c98023f07967c6bb72fbcfcfd0e98
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91413A36A2CA42C2EB118F65E89417963A4FB84B91F844035DBEE83B74EE6DE54DC700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CryptDefaultError@@KeywordsParseProviderRestoreSaveTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CryptGetDefaultProvider$Unable to allocate %d bytes$kk:CryptGetDefaultProvider
                                                                                                                                                                                                                                                • API String ID: 960520114-920100490
                                                                                                                                                                                                                                                • Opcode ID: ea048576e0ae08f73b6ce26d33c556002786b145b511da3130cae96d0308b680
                                                                                                                                                                                                                                                • Instruction ID: 59de1200e633154d964f05f07815656f63fe645fd9ebad49331636a083a24b08
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea048576e0ae08f73b6ce26d33c556002786b145b511da3130cae96d0308b680
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B741DD76A2DB41C6EB508F56A88447A73A5FBC8B94F440035EA9E03B68DF3CE54DCB00
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferCryptEncryptErr_Error@@StringU_object@@View@@Win_$Arg_Bytes_FromKeywordsMemoryParseSizeTupleU_object@@_freemalloc
                                                                                                                                                                                                                                                • String ID: CryptEncrypt$Object must be of type PyCRYPTHASH$lO|Ok:CryptEncrypt
                                                                                                                                                                                                                                                • API String ID: 3967936622-1354874914
                                                                                                                                                                                                                                                • Opcode ID: 854fd57fe716cf2d13cd7abff4e5fec7fc8d73fc4a7012ce57dd9f181feafd57
                                                                                                                                                                                                                                                • Instruction ID: f864e063b0a8764dccb6657c7b2fecfd28243f4bb80e94b3c62f3bce713a362e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 854fd57fe716cf2d13cd7abff4e5fec7fc8d73fc4a7012ce57dd9f181feafd57
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E51F837B2DA41CAE711CF65E4846AD73A8FB89B88F400535DE9E43B68DF38E5498700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CryptError@@HashKeywordsParamParseTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: Hash parameter %d is not yet supported$PyCRYPTHASH::CryptGetHashParam$Unable to allocate %d bytes$k|k:CryptGetHashParam
                                                                                                                                                                                                                                                • API String ID: 4230166517-3481413517
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CryptErr_ErrorError@@FormatHashKeywordsLastParseSignTupleU_object@@Win_malloc
                                                                                                                                                                                                                                                • String ID: CryptSignHash$PyCRYPTHASH::CryptSignHash$PyCRYPTHASH::CryptSignHash: Unable to allocate %d bytes$k|k:CryptSignHash
                                                                                                                                                                                                                                                • API String ID: 588145746-3674555972
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DescriptorSecurityfree$DaclErr_String$Arg_GroupLengthOwnerParseTupleValid
                                                                                                                                                                                                                                                • String ID: SetSecurityDescriptorDacl$The object is not a PyACL object$iOi:SetSecurityDescriptorDacl
                                                                                                                                                                                                                                                • API String ID: 1359849467-4100764314
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptErr_Error@@ExportStringU_object@@Win_$Arg_Bytes_FormatFromKeywordsParseSizeTuplefreemalloc
                                                                                                                                                                                                                                                • String ID: CryptExportKey$Object must be of type PyCRYPTKEY$Ok|k:CryptExportKey$PyCRYPTKEY::CryptExportKey: Unable to allocate %d bytes
                                                                                                                                                                                                                                                • API String ID: 1765650860-2655833073
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferEval_FreeThreadU_object@@View@@$Arg_CryptError@@IdentifierKeywordsLocalMem_Object_ParsePropertyRestoreSaveTupleU_object@@_Win_
                                                                                                                                                                                                                                                • String ID: CryptGetKeyIdentifierProperty$Only CERT_KEY_PROV_INFO_PROP_ID is currently supported$O|kkO:CryptGetKeyIdentifierProperty
                                                                                                                                                                                                                                                • API String ID: 2865977456-415975446
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferErr_StringView@@$Arg_Bytes_CryptDecryptError@@FromKeywordsMemoryParseSizeTupleU_object@@U_object@@_Win_freemallocmemcpy
                                                                                                                                                                                                                                                • String ID: CryptDecrypt$Object must be of type PyCRYPTHASH$lO|Ok:CryptDecrypt
                                                                                                                                                                                                                                                • API String ID: 298226277-2240841863
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Object_$Eval_FreeThreadU_object@@$Arg_CertErr_Error@@FromKeywordsLong_OpenParseReferenceRestoreSaveStoreStringSystemTupleVoidWin_malloc
                                                                                                                                                                                                                                                • String ID: CertOpenSystemStore$Object must be of type PyCRYPTPROV$O|O:CertOpenSystemStore
                                                                                                                                                                                                                                                • API String ID: 4067469028-1076695456
                                                                                                                                                                                                                                                • Opcode ID: 59f978469c9a9d0cacfc4dfe01f52f146c6de9add0d6466229a1272143762029
                                                                                                                                                                                                                                                • Instruction ID: f9e25fa1df56936a8750395b027351f4a54416d000de3926bb8cd484117fa2bb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59f978469c9a9d0cacfc4dfe01f52f146c6de9add0d6466229a1272143762029
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58410422A2CA42C2EB408B56F88413A73A9FBC4BD0B454132DBAE43B75DF3CE55D8700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferEval_ThreadU_object@@View@@$?init@Arg_CryptDeallocEnumErr_Error@@FreeIdentifierKeywordsList_Mem_Object_OccurredParsePropertiesRestoreSaveTupleU_object@@_Win_
                                                                                                                                                                                                                                                • String ID: CryptEnumKeyIdentifierProperties$|OkkO:CryptEnumKeyIdentifierProperties
                                                                                                                                                                                                                                                • API String ID: 3737282794-41738952
                                                                                                                                                                                                                                                • Opcode ID: f882a5ecc52b6f13ef0759ff899bfa3e76895eaf90be1632c124d10d5b7d8357
                                                                                                                                                                                                                                                • Instruction ID: b5fd928101ea06abdf55f18ff062e32610d94e1fe6d47d5383c1f7d8defb4bb4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f882a5ecc52b6f13ef0759ff899bfa3e76895eaf90be1632c124d10d5b7d8357
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A941E432A2CB42C6EB518F15E48466E73A9FB88B84F544136DBAD43B24DF3DD949C700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CryptError@@KeywordsParamParseTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CryptGetKeyParam$PyCRYPTKEY::CryptGetKeyParam: Unable to allocate %d bytes$The Param specified is not yet supported$k|k:CryptGetKeyParam
                                                                                                                                                                                                                                                • API String ID: 2979963884-2192148497
                                                                                                                                                                                                                                                • Opcode ID: 63b3e6a8cfc7d89ffcf999ba19fbe1e95c3b6aa14a3ec8d973439909c2f46bf3
                                                                                                                                                                                                                                                • Instruction ID: 61653bc97dc17a1a9022bf0d29539cf45422020bb95c63fe60beeaa5eceb2d64
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63b3e6a8cfc7d89ffcf999ba19fbe1e95c3b6aa14a3ec8d973439909c2f46bf3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7941FC76A2C642C2DB118F55F48447D77A4FBC4B94F440132DA9D43B68DE7CE549CB00
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$AcquireArg_CertificateCryptErr_Error@@KeywordsParsePrivateRestoreSaveStringTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CryptAcquireCertificatePrivateKey$CryptContextAddRef$The certificate context has been closed$|k:CryptAcquireCertificatePrivateKey
                                                                                                                                                                                                                                                • API String ID: 312824557-475845844
                                                                                                                                                                                                                                                • Opcode ID: 8188dcf4b10e21f96afa8e204f2dd8c488a0504f21b421fcedb107b6115b20fb
                                                                                                                                                                                                                                                • Instruction ID: 600a667c401375739ac7376c622594da68b076aaf3880cfa5a1fe235a2683600
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8188dcf4b10e21f96afa8e204f2dd8c488a0504f21b421fcedb107b6115b20fb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F331D666A2CB42C2EB008B15E8845BA73A5FBC4B94F444131DBAE43B74EF3CE15DC640
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: free$BufferErr_Eval_ThreadU_object@@View@@$Arg_CryptDeallocDetachedError@@FormatKeywordsMessageParseRestoreSaveSequence_SignatureStringTupleTuple@@U_object@@_VerifyWin_malloc
                                                                                                                                                                                                                                                • String ID: CryptVerifyDetachedMessageSignature$kOO|O:CryptVerifyDetachedMessageSignature
                                                                                                                                                                                                                                                • API String ID: 302554843-3659002915
                                                                                                                                                                                                                                                • Opcode ID: a1c60f90848cda4e3db20f668b8c810f88959e7da3c12ecf2f6af09163fbbab0
                                                                                                                                                                                                                                                • Instruction ID: 5b0367b9b3c0f8253c47b6b34a1b9a8e86a977a216f5776c93cc0f888f5a0a91
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1c60f90848cda4e3db20f668b8c810f88959e7da3c12ecf2f6af09163fbbab0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E51F936B2DA42C9E7519FA1E4906AD3378FB84B88B540136DFAD53B68DE38D54AC340
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Arg_Err_KeywordsParseStringTupleU_object@@_
                                                                                                                                                                                                                                                • String ID: CryptGetMessageCertificates$Object must be of type PyCRYPTPROV$O|kOk:CryptGetMessageCertificates
                                                                                                                                                                                                                                                • API String ID: 1311799886-560882271
                                                                                                                                                                                                                                                • Opcode ID: 835523c4e059ec7b59041206d1836cb957d9e823d62a26903d0dd342007ea30e
                                                                                                                                                                                                                                                • Instruction ID: 6485c3cffa60c1d41b2d1261a8de368cc264a3ee3555665e91e37d023d6357f5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 835523c4e059ec7b59041206d1836cb957d9e823d62a26903d0dd342007ea30e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19410536A2CB45C6E7118B16E88466E77A9FB84B90F504136DBAE03B74DF3CE949C700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Object_$U_object@@$Eval_FreeThread$AcquireArg_ContextCryptError@@KeywordsParseRestoreSaveTupleWin_
                                                                                                                                                                                                                                                • String ID: CryptAcquireContext$OOkk:CryptAcquireContext
                                                                                                                                                                                                                                                • API String ID: 1988381298-841591711
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Arg_Err_FormatKeywords_ParseSizeTuplemalloc
• String ID: CryptGenRandom: Unable to allocate %zd bytes$PyCRYPTPROV::CryptGenRandom$k|z#
• API String ID: 1718167496-62374806
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Arg_CryptError@@ExportInfoKeywords_ParsePublicSizeTupleU_object@@Win_
• String ID: CryptExportPublicKeyInfo$CryptExportPublicKeyInfo: Unable to allocate %d bytes$k|k:CryptExportPublicKeyInfo
• API String ID: 4146695621-84361842
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Object_$Eval_FreeThreadU_object@@$Arg_CryptError@@KeywordsParseProviderRestoreSaveTupleWin_
• String ID: CryptSetProviderEx$Okk:CryptSetProviderEx
• API String ID: 1842323616-1750013035
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: BufferView@@$Arg_KeywordsParseTupleU_object@@_
• String ID: CryptGetMessageSignerCount$O|k:CryptGetMessageSignerCount
• API String ID: 1968207123-858434672
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Eval_Thread$Arg_CryptDeallocEnumErr_Error@@InfoKeywordsList_OccurredParseRestoreSaveTupleU_object@@Win_
• String ID: CryptEnumOIDInfo$|k:CryptEnumOIDInfo
• API String ID: 2345210855-1370177178
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Arg_CryptErr_Error@@ImportKeywords_ParseSizeStringTupleU_object@@U_object@@_Win_
                                                                                                                                                                                                                                                • String ID: Object must be of type PyCRYPTKEY$O|Ok$PyCRYPTPROV::CryptImportKey
                                                                                                                                                                                                                                                • API String ID: 3946236484-248037244
                                                                                                                                                                                                                                                • Opcode ID: 150e863f0ccaa55e711e71abb19d8d68f37ffdd8d7e8b708431f9d03f65cd727
                                                                                                                                                                                                                                                • Instruction ID: a5412be88259f5c4c06910e7d68d46e7e407f434c418f69153ce4d74d8287b62
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 150e863f0ccaa55e711e71abb19d8d68f37ffdd8d7e8b708431f9d03f65cd727
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7741072262CA82C5EB618F55E8907BA73A9FB88B84F544036DBDD43B64DF3CD548C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_Keywords_ParseSizeTuple$CryptErr_Error@@FromImportInfoLong_PublicReferenceStringU_object@@VoidWin_malloc
                                                                                                                                                                                                                                                • String ID: CryptImportPublicKeyInfo$O&O&:CERT_PUBLIC_KEY_INFO$Object used to construct a CERT_PUBLIC_KEY_INFO must be a dict$O|k:CryptImportPublicKeyInfo
                                                                                                                                                                                                                                                • API String ID: 3506324900-3524712216
                                                                                                                                                                                                                                                • Opcode ID: 3f776e6d1ee4eeed320d9dccd80c9aec54f6ed9bffa71e6fe81b16fe1f780591
                                                                                                                                                                                                                                                • Instruction ID: 6dd468b15fac57c4f56c380e13fac2c52a5790fbdf6c4afab1ebf6848a1a218b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f776e6d1ee4eeed320d9dccd80c9aec54f6ed9bffa71e6fe81b16fe1f780591
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA411722A2CB82C1EB50CB61E8807BA63A4FB84B84F554136DBED03665EF3CD58DC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Arg_CryptErr_Error@@KeywordsParseSignatureStringTupleU_object@@U_object@@_VerifyWin_
                                                                                                                                                                                                                                                • String ID: OO|k:CryptVerifySignature$Object must be of type PyCRYPTKEY$PyCRYPTHASH::CryptVerifySignature
                                                                                                                                                                                                                                                • API String ID: 1262447337-1335157759
                                                                                                                                                                                                                                                • Opcode ID: 06c6f6a7b99eb60739cb97881bfe4fe0f4e57baa07de03f97ef0fed7c968a44b
                                                                                                                                                                                                                                                • Instruction ID: 5bbde54bc564f207e2eabddf2d44743bf3022a06bcbace4fe068a5e8b0c10586
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06c6f6a7b99eb60739cb97881bfe4fe0f4e57baa07de03f97ef0fed7c968a44b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE31F636A1CA46C2EB208F55E89467973A8FB88BD0F944136CAAD43764DF3DD94DC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CreateCryptErr_Error@@HashKeywords_ParseReferenceSizeStringTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: I|Ok$Object must be of type PyCRYPTKEY$PyCRYPTPROV::CryptCreateHash
                                                                                                                                                                                                                                                • API String ID: 121666029-682297043
                                                                                                                                                                                                                                                • Opcode ID: 14904c4672b481856e68b5c676c51127c54591b212018fc85a7acc6b524349fa
                                                                                                                                                                                                                                                • Instruction ID: 40a1b41b7bdea9d42aa9bd6b1e9f084fc2863dfc3f68476f0629cc0f33672a33
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14904c4672b481856e68b5c676c51127c54591b212018fc85a7acc6b524349fa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E931A726A1CA46C6EB608B15F8801A973A9FB88B94F544136DBAD43B74DF3CD599CB00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Object_$Eval_ThreadU_object@@$Arg_CryptFindFreeFromKeywordsLocalizedNameParseRestoreSaveTuple
                                                                                                                                                                                                                                                • String ID: O:CryptFindLocalizedName
                                                                                                                                                                                                                                                • API String ID: 2786140858-1113378710
                                                                                                                                                                                                                                                • Opcode ID: 4b3e615602d8484f7a8c4103ac7480439bc4b772cfae728c8e703da30a22d1d4
                                                                                                                                                                                                                                                • Instruction ID: 2e90e2d3a7db0c0f592d4c884ee9fe8128648dd46c1376afdb51bb6d89d47fad
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b3e615602d8484f7a8c4103ac7480439bc4b772cfae728c8e703da30a22d1d4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A311A726A2CB42C1EB159B56A89457A73A4FB89BD4B840035DBAE43B64DE3CE51DC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
• Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3719493655-0
                                                                                                                                                                                                                                                • Opcode ID: 0c22d9056acb871eddf48ff6985902c40c9bac8e0db102ec70c3771e64610527
                                                                                                                                                                                                                                                • Instruction ID: 526ae3a75a347799fbdf104d8b43e6e3b65a23457b0254aec48931789fcc3f65
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c22d9056acb871eddf48ff6985902c40c9bac8e0db102ec70c3771e64610527
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B020473B2CB8683FB258F14D454679B7A1EB85F84F544231D6AE867A4EE3DE840E340
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                                                                                                                • Opcode ID: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
                                                                                                                                                                                                                                                • Instruction ID: 84a0201d94e2ea4328293cb45bda7ab24c4a78c19b55ea57ebdd0a201429953f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE315D73619B8586FB609F64E8503EEB361FB84B44F44443ADA5E47AA8DF3CD648C710
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3582290860.00007FFE78471000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFE78470000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe78470000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                                                                                                                • Opcode ID: 15ab57132a56a43adcf6d314196c4535093efc661be566aed9b6740bd42d3de9
                                                                                                                                                                                                                                                • Instruction ID: 17787b0c69a8b6d56b6d239bb586d044289b14507399bcec8a368ee0a3c88621
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15ab57132a56a43adcf6d314196c4535093efc661be566aed9b6740bd42d3de9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16318273614B8189EB608F61E8403ED7770FB54744F54443ADA9E437A8EF78D648C704
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                                                                                                                • Opcode ID: 0d621db73e2451174b8f13a3115516f9f3e1f0dbbb20f8bdf6535f71ef20c50d
                                                                                                                                                                                                                                                • Instruction ID: 4d117ae4cfac93f90118d60de50ff97e6164e867673e96bf2908bb1f9c81b759
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d621db73e2451174b8f13a3115516f9f3e1f0dbbb20f8bdf6535f71ef20c50d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30311773619B81C6EB609F60E8807FE63A8FB84744F44443ADB9E47AA9DF38D54C8700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3582072210.00007FFE78451000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE78450000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe78450000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 313767242-0
                                                                                                                                                                                                                                                • Opcode ID: 8cd5be0b42e6e7f0319df2977d08f00477f2cc742b936249396d47c5008990bc
                                                                                                                                                                                                                                                • Instruction ID: 2403700a1a73f779709e3986b6b55f1d4e78520db7413a9f7cfb3b0a765e7503
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8cd5be0b42e6e7f0319df2977d08f00477f2cc742b936249396d47c5008990bc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D318E73618B8189EB608F61E8503ED3770FB94748F64403ADA5E47BA8EF78D648D708
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                                • String ID: -$-Inf$0123456789ABCDEF0123456789abcdef$NaN$VUUU$gfff$null
                                                                                                                                                                                                                                                • API String ID: 2221118986-3207396689
                                                                                                                                                                                                                                                • Opcode ID: af73fd97df12b0cb68ea068138ad00953fbec6a3a5724eb1a500301cc5c283e8
                                                                                                                                                                                                                                                • Instruction ID: 22a8e9787f7972935736ae2850cb253c3e4d329ecb4c44c677e22a8ecb6e8bb8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af73fd97df12b0cb68ea068138ad00953fbec6a3a5724eb1a500301cc5c283e8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19F12463A2E3C786F7658AA8954077F7BA1FB51F44F240132DAAD476E2DE2CE845C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
• Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
Similarity
• API ID: memset
• String ID: Bad ptr map entry key=%u expected=(%u,%u) got=(%u,%u)$Failed to read ptrmap key=%u$Freelist: $Page %u: never used$Page %u: pointer map referenced$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%u) disagrees with header (%u)
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: BufferView@@$Arg_CryptDataHashKeywordsParseTupleU_object@@_
• String ID: CryptHashData$O|k:CryptHashData
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Arg_CryptErr_Error@@HashKeywordsParseSessionStringTupleU_object@@Win_
• String ID: CryptHashSessionKey$Object must be of type PyCRYPTKEY$O|k:CryptHashSessionKey
Memory Dump Source
• Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
• Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
Similarity
• API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
• String ID:
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Arg_CryptDuplicateKeywordsParseTuple
• String ID: CryptDuplicateKey$|kk:CryptDuplicateKey
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Arg_CryptErrorError@@FromKeywords_LastLong_ParseReferenceSizeTupleU_object@@VoidWin_malloc
• String ID: CryptGenKey$Ik|k:CryptGenKey
                                                                                                                                                                                                                                                • API String ID: 3083420793-1888919388
                                                                                                                                                                                                                                                • Opcode ID: 9f7425452ab4e4cd30248d620a79957d2c730cbb66ae7f357fb85ad776e53577
                                                                                                                                                                                                                                                • Instruction ID: 7d94be75eb8db32acb4d13c4f646d843a997415c787fd8700d4049a2aa409c0e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f7425452ab4e4cd30248d620a79957d2c730cbb66ae7f357fb85ad776e53577
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01213C32B1C641C6EB108F29E4845AE73A4FB88BD0F54013ADBAD83B64DF39D589CB00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CryptDuplicateHashKeywordsParseReferenceTuple
                                                                                                                                                                                                                                                • String ID: CryptDuplicateHash$|k:CryptDuplicateHash
                                                                                                                                                                                                                                                • API String ID: 3054858463-1283885492
                                                                                                                                                                                                                                                • Opcode ID: 4070d77280b09c38ca55f11715dd56b6e867cee0768cef66e74ce0bf851ebec5
                                                                                                                                                                                                                                                • Instruction ID: fc0c07b50b7c34c85ed15790887b2f70f4a9e7d09acfad3bb89d9cbab7cde7b6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4070d77280b09c38ca55f11715dd56b6e867cee0768cef66e74ce0bf851ebec5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB11F96261CB46C2DB408B56F9801A9A3A4FBC4BD0B444035DBAE43B28EF7CD599C740
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: -x0$0123456789ABCDEF0123456789abcdef$VUUU$VUUU
                                                                                                                                                                                                                                                • API String ID: 0-2031831958
                                                                                                                                                                                                                                                • Opcode ID: fb54a0c179caa17773880983dc6a8eccc5c567f5f9aeb018be3315aa168a96dc
                                                                                                                                                                                                                                                • Instruction ID: 489e3e8915fe2880ec46c414d1d504d104ce06e0f4d535c0f4d9878c83bc98ec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb54a0c179caa17773880983dc6a8eccc5c567f5f9aeb018be3315aa168a96dc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BF10F63A2A7C685EB65CB68E05067F7BA5FB85F84F244034DA9E43765EE3CE801C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ContextCryptError@@Keywords_ParseReleaseSizeTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CryptReleaseContext$|k:CryptReleaseContext
                                                                                                                                                                                                                                                • API String ID: 2608048266-3508415085
                                                                                                                                                                                                                                                • Opcode ID: 5460e094ae8fd093000602e64b8c80609c19f5adb80d0ee1e33eff2ff0ba376d
                                                                                                                                                                                                                                                • Instruction ID: 682d37ddafdec5f43201360200042de161d74fd07a1c6e77efaffefe8678915d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5460e094ae8fd093000602e64b8c80609c19f5adb80d0ee1e33eff2ff0ba376d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E301F666B2CA46C2EB018F15E8845BA73A9BF85B84F580432CEAD47774DF3CE55DC640
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON312 ref: 00007FFE74D75820
                                                                                                                                                                                                                                                • CryptGetUserKey.ADVAPI32 ref: 00007FFE74D75836
                                                                                                                                                                                                                                                • ?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z.PYWINTYPES312 ref: 00007FFE74D75873
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D7F3A0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE74D713A4), ref: 00007FFE74D7F3BA
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D743A0: _Py_NewReference.PYTHON312 ref: 00007FFE74D743C3
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D743A0: PyLong_FromVoidPtr.PYTHON312 ref: 00007FFE74D743D7
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CryptError@@FromKeywords_Long_ParseReferenceSizeTupleU_object@@UserVoidWin_malloc
                                                                                                                                                                                                                                                • String ID: PyCRYPTPROV::CryptGetUserKey
                                                                                                                                                                                                                                                • API String ID: 828709316-2956425817
                                                                                                                                                                                                                                                • Opcode ID: 5f0301d82cd47443186b490893928e1679d73bc596bea04650290d08533e23e0
                                                                                                                                                                                                                                                • Instruction ID: df2f780988a96f4a3dde6ec0d3a18051c81ccbac008833c43e65dda6e5048040
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f0301d82cd47443186b490893928e1679d73bc596bea04650290d08533e23e0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8921B5A3A5C781C3EB028F61A4901AD77A0FB85B94F4A4036DB9A82B55EE7CD54BC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3582072210.00007FFE78451000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE78450000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3582054414.00007FFE78450000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3582090123.00007FFE78454000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3582106730.00007FFE78455000.00000004.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3582123217.00007FFE78456000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe78450000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: _wassert
                                                                                                                                                                                                                                                • String ID: OCB_ENCRYPT==direction || OCB_DECRYPT==direction$src/raw_ocb.c
                                                                                                                                                                                                                                                • API String ID: 3234217646-1106498308
                                                                                                                                                                                                                                                • Opcode ID: ddeedef12c1ef7fa4d75bd60d448608951ac31ebe48abe77ebb84aad0c84ac2c
                                                                                                                                                                                                                                                • Instruction ID: c135d79aed43588d9b66556a65a83249fdcfd76d8ea9a50c04e7e5af0f57c752
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ddeedef12c1ef7fa4d75bd60d448608951ac31ebe48abe77ebb84aad0c84ac2c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25E13A5310D6D049C3168F7690206BE7FB0DB2BA59F4D80B7EBE88E54BD548C354EB2A
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptDestroyError@@HashU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CryptDestroyHash
                                                                                                                                                                                                                                                • API String ID: 2307853852-174375392
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$CryptDestroy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3653355852-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$CryptDestroy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3653355852-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseCrypt
                                                                                                                                                                                                                                                • String ID: CryptMsgClose
                                                                                                                                                                                                                                                • API String ID: 1563465135-1998627854
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptDestroy
                                                                                                                                                                                                                                                • String ID: CryptDestroyKey
                                                                                                                                                                                                                                                • API String ID: 1712904745-3992593795
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseCryptDealloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3014539515-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseCryptDealloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3014539515-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3617616757-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseCrypt
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1563465135-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ContextCryptRelease
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 829835001-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptDestroyHash
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 174375392-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ContextCryptRelease
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 829835001-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CryptDestroyHash
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 174375392-0
                                                                                                                                                                                                                                                • Opcode ID: 40993491916250a407921e82c951ec4765e426c780ab13773f83ebcebab1e224
                                                                                                                                                                                                                                                • Instruction ID: 49aeb680d308ac06b034464a718361e3015fcbdfe6b952c9d136f015b50cffb6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40993491916250a407921e82c951ec4765e426c780ab13773f83ebcebab1e224
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82C01212B6820A82EE186B62A8811BC1210AB89BC1F281030CE6E4B3A1CD2DE59B4340
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e0eaa37618d0ae82c1d6640847f08eeae73c19b2b8da62c9a27f72d93b7d4bcf
                                                                                                                                                                                                                                                • Instruction ID: 0a3f7bebbcf6b25c5224d89f9197f1d297930cafc1edb23e3daa88ca89ac1482
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0eaa37618d0ae82c1d6640847f08eeae73c19b2b8da62c9a27f72d93b7d4bcf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5DA00122A18992C5AB088B1698941A92366FBD8B487658432CA6D590249E39D14A9200
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 646329c2d4e02711c9831ce0b0702e934b09ecdda67f1d039e0271aadf1bed3c
                                                                                                                                                                                                                                                • Instruction ID: 044b88bc0eafb648482363b4cad90d0172e7a0d802d6e0cfc0518563c8510449
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 646329c2d4e02711c9831ce0b0702e934b09ecdda67f1d039e0271aadf1bed3c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14A0022371CD52C1DB488B05D8901782334F7C0BC57300471D66D450748F39D40A8200

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FromLong_Unicode_Void
                                                                                                                                                                                                                                                • String ID: CertEncoded$CertEncodingType$CertStore$Critical$Extension$HANDLE$Issuer$NotAfter$NotBefore$ObjId$SerialNumber$SignatureAlgorithm$Subject$SubjectPublicKeyInfo$The certificate context has been closed$Value$Version${s:s,s:N,s:N}
                                                                                                                                                                                                                                                • API String ID: 1154900293-275060559
                                                                                                                                                                                                                                                • Opcode ID: c7889124789a5714f42816edaafdda6ca93fb6b338b27ccd151ba1f6b6a3f606
                                                                                                                                                                                                                                                • Instruction ID: c062b4cb055cf7aebf4438f39c351f1b7fb1acd91914d8d21f78e8642a435fa7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7889124789a5714f42816edaafdda6ca93fb6b338b27ccd151ba1f6b6a3f606
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33C14A23A2D682C1EB569B15A9D027C63A9EF85B94F484431CFEE063B5EF3CE54D8240

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$ImportImport_Module$FreeMem__wcsdup
                                                                                                                                                                                                                                                • String ID: <Error getting traceback - cStringIO.StringIO() failed>$<Error getting traceback - cant find cStringIO.StringIO>$<Error getting traceback - cant find getvalue function>$<Error getting traceback - cant find traceback.print_exception>$<Error getting traceback - cant import cStringIO>$<Error getting traceback - cant import traceback>$<Error getting traceback - cant make print_exception arguments>$<Error getting traceback - getvalue() did not return a string>$<Error getting traceback - getvalue() failed.>$<Error getting traceback - traceback.print_exception() failed>$<NULL!!>$Getting WCHAR string$None is not a valid string in this context$OOOOOi$Objects of type '%s' can not be converted to Unicode.$StringIO$getvalue$print_exception$traceback
                                                                                                                                                                                                                                                • API String ID: 2735870070-2174458333
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetExplicitEntriesFromAclW.ADVAPI32 ref: 00007FFE74D425F3
                                                                                                                                                                                                                                                • PyTuple_New.PYTHON312 ref: 00007FFE74D42621
                                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312 ref: 00007FFE74D426C7
                                                                                                                                                                                                                                                • Py_BuildValue.PYTHON312 ref: 00007FFE74D42826
                                                                                                                                                                                                                                                • PyTuple_SetItem.PYTHON312 ref: 00007FFE74D4283A
                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 00007FFE74D428AD
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C0AB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C11A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C1EB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C200
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C218
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C22D
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C23C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BuildErr_FreeLocalTuple_$DeallocDecodeEntriesErrorExplicitFormatFromItemLastMessageObjectSizeStringUnicode_ValueValue_
                                                                                                                                                                                                                                                • String ID: AccessMode$AccessPermissions$GetExplicitEntriesFromAcl$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                                • API String ID: 2366750547-3224252679
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Dealloc$String$BuildLongNumber_Value$ArgumentAttrCallCheckClearEval_FormatKeywordsLong_ObjectObject_OccurredSubtypeType_With_mktime64
                                                                                                                                                                                                                                                • String ID: (d)$Objects of type '%s' can not be used as a time object$iiiiiiiii|i$mktime argument out of range$timetuple$year out of range
                                                                                                                                                                                                                                                • API String ID: 374337924-3179837657
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$Err_Sequence_String$Arg_FreeParseTuple$CheckEntriesItemKeywordsLocalMem_SizeTuple_freemallocmemset
                                                                                                                                                                                                                                                • String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$O:SetEntriesInAcl$Parm must be a list of EXPLICIT_ACCESS dictionaries$SetEntriesInAcl$SetEntriesInAcl: unable to allocate EXPLICIT_ACCESS_W$lllO
                                                                                                                                                                                                                                                • API String ID: 1438466550-1140684800
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AbsoluteErr_FormatMakemallocmemset
                                                                                                                                                                                                                                                • String ID: ($MakeAbsoluteSD$Unable to allocate %d bytes
                                                                                                                                                                                                                                                • API String ID: 1436552674-2130869594
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: From$Size$BuildBytes_DeallocObject_StringU_object@@Value_$Bool_Err_LongTuple_Warn
                                                                                                                                                                                                                                                • String ID: ContainerName$Data$Flags$KeySpec$Param$ProvName$ProvParam$ProvType$Unsupported PP_ parameter returned as raw data${s:k, s:k, s:N}${s:u, s:u, s:k, s:k, s:k, s:N}
                                                                                                                                                                                                                                                • API String ID: 18416738-1800846073
                                                                                                                                                                                                                                                • Opcode ID: 4687acc39f0fb603ce9182b4fb1824b5c3a8890af091ed117d7498ab5ff252f0
                                                                                                                                                                                                                                                • Instruction ID: 0a375130d875e7c33b4e4ccfaf8acece8b97f994c1c7032fefbfee09773c4952
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4687acc39f0fb603ce9182b4fb1824b5c3a8890af091ed117d7498ab5ff252f0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4951E233A2CA46D6EB118F55E88443977A8FB89B60B544135DBAE43B70EF3CE959C700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeallocSize$FromString$BuildBytes_CertDuplicateState_Value_$CallCertificateContextEnsureErr_Long_Object_ReferenceReleaseStoreVoid
                                                                                                                                                                                                                                                • String ID: Issuer$Object must be of type PyCERT_CONTEXT$OkNN$SerialNumber$The certificate context has been closed${s:N, s:N}
                                                                                                                                                                                                                                                • API String ID: 2673056449-1119961777
                                                                                                                                                                                                                                                • Opcode ID: b7375d67e9854d535db6a38528d76b2dc801787294051a98709b0494690c52da
                                                                                                                                                                                                                                                • Instruction ID: fc050c2c08f2f1a8883e15d9ef7aba992d9b9ca106c066834e08937f831f2272
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7375d67e9854d535db6a38528d76b2dc801787294051a98709b0494690c52da
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0510426A2DA52C2EB158B16E88453D73A8FB88B94F444435DBAE47B74DF3CE64DC340
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Arg_FormatParseStringTuple
                                                                                                                                                                                                                                                • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAceEx$AddAuditAccessAceEx not supported by this version of Windows$AddAuditAccessAceEx: unable to allocated %d bytes$PyACL::AddAuditAccessAceEx$The object is not a PySID object$lllOii:AddAuditAccessAceEx
                                                                                                                                                                                                                                                • API String ID: 901859003-3541680958
                                                                                                                                                                                                                                                • Opcode ID: 165862e674f47473ae485717e6ccc81d22178b3852c41b2c0743920cb5c77fd5
                                                                                                                                                                                                                                                • Instruction ID: cfbcb9f271aaa895ff73cca94dc667c446320b81114dddff0cfb838afc44ac0f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 165862e674f47473ae485717e6ccc81d22178b3852c41b2c0743920cb5c77fd5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD610B32A2CA46C2EA518B19E490669B3A0FB85B84F544135DBEE43B74EF7CE44DD700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_Err_KeywordsParseStringTuple
                                                                                                                                                                                                                                                • String ID: CertGetCertificateContextProperty$CertGetCertificateContextProperty: unable to allocate %d bytes$Not yet supported$The certificate context has been closed$k:CertGetCertificateContextProperty
                                                                                                                                                                                                                                                • API String ID: 1259807946-657533434
                                                                                                                                                                                                                                                • Opcode ID: b5fd4a21c95569600c223451aab2679073df3252bcfa072d695b2646066abe88
                                                                                                                                                                                                                                                • Instruction ID: e8cb5b8df295e0f1d1b73d6b515e05f3302b1e68fcb2eb8371713ff8f47c061a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5fd4a21c95569600c223451aab2679073df3252bcfa072d695b2646066abe88
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E51F636A2CA46C2EB058F66A89447D63A9FBC9B84F544031DBAE47774DE3CE54DCB00
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$Build$Bytes_DeallocFromString$Err_State_Tuple_ValueValue_Warn$AppendEnsureList_Release
                                                                                                                                                                                                                                                • String ID: Data$Key identifier property returned as raw data$KeyIdentifier$PropId$Props${s:N, s:N}${s:k,s:N}
                                                                                                                                                                                                                                                • API String ID: 2091424248-3219072386
                                                                                                                                                                                                                                                • Opcode ID: b32600a85b1021f92400e9aa57d500c78ef7b6a779fdab0ba01ec16d785755e1
                                                                                                                                                                                                                                                • Instruction ID: dd845132974694a33265131619443af643e1b25797f4e70b2d56666c8349583a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b32600a85b1021f92400e9aa57d500c78ef7b6a779fdab0ba01ec16d785755e1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B510622A2DA86D1EB518B11E89427973A5FB94B98F044035DFAE03768EF3CE54DC700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferEval_ThreadView@@$Arg_CertError@@KeywordsNameParseRestoreSaveTupleU_object@@U_object@@_Win_
                                                                                                                                                                                                                                                • String ID: CertNameToStr$O|kk:CertNameToStr$Unable to allocate %d bytes
                                                                                                                                                                                                                                                • API String ID: 2442106594-1555462470
                                                                                                                                                                                                                                                • Opcode ID: 0826d4cc52d85df478c7f11e384b7158e37badba30997c9789b744a28f675ec2
                                                                                                                                                                                                                                                • Instruction ID: e888be8631a0ffbb68e731b778ccd9d569e98ce1334b6dd37d2818151be6f9a5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0826d4cc52d85df478c7f11e384b7158e37badba30997c9789b744a28f675ec2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF513722A2CA86C6E7118F56E89866D77A4FB89B84F444035DB9E43B65DF3CE50DCB00
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_String$CharClearFreeMem_Unicode_Wide
                                                                                                                                                                                                                                                • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Only strings and iids can be converted to a CLSID.$value is larger than a DWORD
                                                                                                                                                                                                                                                • API String ID: 443722841-2914159855
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertElementErr_Error@@KeywordsParseRestoreSaveSerializeStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CertSerializeCertificateStoreElement$The certificate context has been closed$Unable to allocate %d bytes$|k:CertSerializeCertificateStoreElement
                                                                                                                                                                                                                                                • API String ID: 1213706224-3507625014
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_ThreadU_object@@$Arg_CertErr_Error@@ExportFreeKeywordsMem_MemoryObject_ParseRestoreSaveStoreTupleWin_malloc
                                                                                                                                                                                                                                                • String ID: PFXExportCertStoreEx$|Ok:PFXExportCertStoreEx
                                                                                                                                                                                                                                                • API String ID: 1535270174-947405562
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertEnhancedErr_Error@@KeywordsParseRestoreSaveStringTupleU_object@@UsageWin_
                                                                                                                                                                                                                                                • String ID: CertGetEnhancedKeyUsage$Failed to allocate %d bytes$The certificate context has been closed$|k:CertGetEnhancedKeyUsage
                                                                                                                                                                                                                                                • API String ID: 3590224318-2435798374
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$From$BuildValue_$Bytes_E@@@Object_StringU_object@@
                                                                                                                                                                                                                                                • String ID: Data$IntendedKeyUsage$KeyId$NotAfter$NotBefore$PrivateKeyUsagePeriod$UnusedBits${s:N, s:N, s:N}${s:N, s:N}${s:N,s:k}
                                                                                                                                                                                                                                                • API String ID: 1928187129-2639204421
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DescriptorSecurityfree$Err_OwnerString$Arg_DaclGroupLengthParseSaclTupleValid
                                                                                                                                                                                                                                                • String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorOwner$The object is not a PySID object
                                                                                                                                                                                                                                                • API String ID: 965136164-2833774516
                                                                                                                                                                                                                                                • Opcode ID: f308e441dfbb53ca07801ac1447a774fa23f0ff6a235abad11ef225bd6e745d2
                                                                                                                                                                                                                                                • Instruction ID: 345d72e06a7c647e9d43bf775667726ac12b80e89a458b11bc0e33b7993c96b8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f308e441dfbb53ca07801ac1447a774fa23f0ff6a235abad11ef225bd6e745d2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E510B37B2DA06C6EB558F65D8C01B863A1BF44BC8F444432EEAE57A64DE38E44ED341
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferErr_Eval_ReferenceThreadView@@$Arg_CertElementError@@FormatFromKeywordsLong_ParseRestoreSaveSerializedStoreStringTupleU_object@@U_object@@_VoidWin_
                                                                                                                                                                                                                                                • String ID: CertAddSerializedElementToStore$Context type %d is not yet supported$OOk|kk:CertAddSerializedElementToStore$Object must be of type PyCERTSTORE
                                                                                                                                                                                                                                                • API String ID: 544885331-4265936841
                                                                                                                                                                                                                                                • Opcode ID: a926e816690e577665c240bdea380ee0f00c253e1d0ad3fb6d0dbfe8fad027b4
                                                                                                                                                                                                                                                • Instruction ID: b10c4a86f66491e41804a2e3a394f93c5fdff965ac539d41de92abf40d0d29c2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a926e816690e577665c240bdea380ee0f00c253e1d0ad3fb6d0dbfe8fad027b4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A261D436A2CA41C2EB618B15E48467D73A8FB98B94F544136DBAE43B68DF3CE54CC740
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
                                                                                                                                                                                                                                                • String ID: Identifier must be PySID object when TrusteeForm = TRUSTEE_IS_SID$Identifier must be string/unicode when TrusteeForm = TRUSTEE_IS_NAME$Invalid value for TrusteeForm$The object is not a PySID object$Trustee must be a dictionary containing {MultipleTrustee,MultipleTrusteeOperation,TrusteeForm,TrusteeType,Identifier}$TrusteeForm not yet supported$llO|Ol
                                                                                                                                                                                                                                                • API String ID: 959004690-581804069
                                                                                                                                                                                                                                                • Opcode ID: c4c0ce628861c8fec1ceac88b97acf6f7d34d5cf582ff69800a3f1226fa9a1b6
                                                                                                                                                                                                                                                • Instruction ID: fcc6d15608ca1bc0864e4b09a6679ad2d96c0140bc503f8c3d328c2e27e03aec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4c0ce628861c8fec1ceac88b97acf6f7d34d5cf582ff69800a3f1226fa9a1b6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1451F633A2CA46D2EB618F19E4C4169B7A4FB88B94F504035CBAD47764EF3CE599D700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Buffer_ClearFormatFreeMem_ReleaseString$BufferCharLong_Object_OccurredUnicode_VoidWide
                                                                                                                                                                                                                                                • String ID: Buffer cannot be None$Buffer length can be at most %d characters$WPARAM must be a unicode string, int, or buffer object (got %s)
                                                                                                                                                                                                                                                • API String ID: 3109676845-3026970096
                                                                                                                                                                                                                                                • Opcode ID: c0d59195eee20e608be03f930a8afed0d4afed418b1253203d241cab4f1e62ee
                                                                                                                                                                                                                                                • Instruction ID: a226915fc7919f03afddd1584b03ebf00a45af58bb45fbe82718a9753fe966f2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0d59195eee20e608be03f930a8afed0d4afed418b1253203d241cab4f1e62ee
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7751FB27A2DA46C2EB558F19E49423863A0FF84F84F454032DFAE43664EF2CE499D701
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_String$BuildCharFromUnicode_ValueWide
                                                                                                                                                                                                                                                • String ID: Identifier$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                                • API String ID: 2305401427-1816636059
                                                                                                                                                                                                                                                • Opcode ID: 257fee3f03db89f1de94a1dcf2e0eae39d905db714e31581683085fd8502cec9
                                                                                                                                                                                                                                                • Instruction ID: f29466b129cc8120e7771e7aaf505e2a014389467a91649786aa9b47b5c352ba
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 257fee3f03db89f1de94a1dcf2e0eae39d905db714e31581683085fd8502cec9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40412D32A1CA46C6EB618F19E8C4269B3A0FB85B94F544136CBAD53774EF3CE44AD700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_Eval_StringThread$Arg_BufferCertCheckErrorError@@FreeFromKeywordsLastLong_Object_OpenParseReferenceRestoreSaveSequence_StoreTupleU_object@@View@@VoidWin_
                                                                                                                                                                                                                                                • String ID: CertOpenStore$O&kOkO:CertOpenStore$Object must be of type PyCRYPTPROV$Specified store provider type not supported
                                                                                                                                                                                                                                                • API String ID: 3832450745-1761686843
                                                                                                                                                                                                                                                • Opcode ID: 87ace0bd8a2f7f6aa1e933e2e2ec12d760acf991e0ee20bb92dd2ffa10415896
                                                                                                                                                                                                                                                • Instruction ID: fce628701dd6d89ab20536fe728491a284df6987892c5013b572861f2398accb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87ace0bd8a2f7f6aa1e933e2e2ec12d760acf991e0ee20bb92dd2ffa10415896
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F451E636A2DB02CAE7158F65E4801BC33B9BB84B94B504136DEAE57BB4DF3CD5198340
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Authority$CountErrorIdentifierLastValid
                                                                                                                                                                                                                                                • String ID: %lu$-%lu$0x%02hx%02hx%02hx%02hx%02hx%02hx$S-%lu-
                                                                                                                                                                                                                                                • API String ID: 228009767-531523367
                                                                                                                                                                                                                                                • Opcode ID: b339956fccc20c37dc137844cdfb54516e25dbc4dbc000efbe68bd1d43e75f9a
                                                                                                                                                                                                                                                • Instruction ID: 115d4254d64e8e2ae63475615eebdd3c359167611bac02f0e90469cb6fbc14f9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b339956fccc20c37dc137844cdfb54516e25dbc4dbc000efbe68bd1d43e75f9a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC518B73A1C691C2D7618F2AA894679BBA0FB85B85F044135DFEE43764EE3CD449DB00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFE74D78261), ref: 00007FFE74D77F6F
                                                                                                                                                                                                                                                • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFE74D78261), ref: 00007FFE74D77FA6
                                                                                                                                                                                                                                                • ?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z.PYWINTYPES312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFE74D78261), ref: 00007FFE74D77FBC
                                                                                                                                                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFE74D78261), ref: 00007FFE74D77FDD
                                                                                                                                                                                                                                                • PyErr_NoMemory.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFE74D78261), ref: 00007FFE74D77FEC
                                                                                                                                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFE74D78261), ref: 00007FFE74D780BD
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Arg_DeallocKeywords_MemoryParseSequence_SizeStringTupleTuple@@U_object@@malloc
                                                                                                                                                                                                                                                • String ID: Object used to construct CRYPT_ATTRIBUTE must be a dict$sO:CRYPT_ATTRIBUTE
                                                                                                                                                                                                                                                • API String ID: 890852602-2761299909
                                                                                                                                                                                                                                                • Opcode ID: b069d1cefb7fc15a9b876478998a68c96a0f78731c56ebef99fc7d72c260dd59
                                                                                                                                                                                                                                                • Instruction ID: db0563471fe6f82f1775675ece18f15fa7255758b35aacd86af8e00d4d3e93be
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b069d1cefb7fc15a9b876478998a68c96a0f78731c56ebef99fc7d72c260dd59
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D513C23A2CA42D6EB518F25E8807B973A4FB84B94F044535EBAE43764DF3CE589C750
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$CertEval_List_Thread$AppendContextDuplicateEnumErrorError@@FromLastLong_ReferenceRestoreSaveStoreU_object@@VoidWin_
                                                                                                                                                                                                                                                • String ID: CertEnumCTLsInStore
                                                                                                                                                                                                                                                • API String ID: 62969067-3713136399
                                                                                                                                                                                                                                                • Opcode ID: dc73392e2be614698aa97d53e01ad095b24fb8ae7ae5d0ac62e74ef0977ddc35
                                                                                                                                                                                                                                                • Instruction ID: 11a4be06faecac94166381d38aabfa8496f70a5926facb30c12f4e35bb558eb4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc73392e2be614698aa97d53e01ad095b24fb8ae7ae5d0ac62e74ef0977ddc35
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A412923A2DA02D5EB559F26A88413D63A9FF89B91F580534CFAE46770EF3CE54D8300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
                                                                                                                                                                                                                                                • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                                • API String ID: 1531658785-4125661472
                                                                                                                                                                                                                                                • Opcode ID: 66ce21fda171c5b8bf048c3557db498c30436750ed0329add0b3282728a1211c
                                                                                                                                                                                                                                                • Instruction ID: 51dd84d409698a0d4a2c3e47ce54810874bbe3c1472361097d296edcadc97546
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66ce21fda171c5b8bf048c3557db498c30436750ed0329add0b3282728a1211c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C415B36A2DB46C2EA519F59E584279A360BB88B84F448135DFEE137B4EF3CE409C701
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CheckErr_Mapping_String
                                                                                                                                                                                                                                                • String ID: Object must be a mapping (dictionary, class instance, etc$__dict__
                                                                                                                                                                                                                                                • API String ID: 1486305882-910247860
                                                                                                                                                                                                                                                • Opcode ID: 612e479974e9f190fc4ca7c05ebc1e853e37b3b18ce9a82dd099f0befac20253
                                                                                                                                                                                                                                                • Instruction ID: e86a43648349a05c3f418eecb5e20171c6cd6606bef64e86ae9c3ebf53d78ff9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 612e479974e9f190fc4ca7c05ebc1e853e37b3b18ce9a82dd099f0befac20253
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48315A32A2DA46C6EA558F16A884139A3A0FF89F95F144030DF9E17774EF3CD48A9300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$From$BuildBytes_StringValue_$Bool_DeallocLongTuple_
                                                                                                                                                                                                                                                • String ID: Data$PathLenConstraint$SubjectType$SubtreesConstraint$UnusedBits$fPathLenConstraint${s:N, s:N, s:k, s:N}${s:N,s:k}
                                                                                                                                                                                                                                                • API String ID: 2254952139-3836181269
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE7572C340: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,00007FFE7579738A,?,?,?,?,?,00007FFE7572C0E2), ref: 00007FFE7572C4E8
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE7572BE30: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FFE7572653C), ref: 00007FFE7572BF9A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE7572BE30: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FFE7572653C), ref: 00007FFE7572C026
                                                                                                                                                                                                                                                • memcpy.VCRUNTIME140 ref: 00007FFE75791A74
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: FILTER clause may only be used with aggregate window functions$L$RANGE with offset PRECEDING/FOLLOWING requires one ORDER BY expression$U$U$Y$Z$Z$cume_dist$dense_rank$lag$lead$ntile$percent_rank$rank$row_number
                                                                                                                                                                                                                                                • API String ID: 3510742995-2880407920
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_Formatfreemalloc$BufferDeallocSequence_Tuple@@U_object@@View@@memset
                                                                                                                                                                                                                                                • String ID: Unable to allocate %d bytes
                                                                                                                                                                                                                                                • API String ID: 4010994401-4174463691
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$DeallocStringfree$Bytes_ClearLong_MemoryOccurredSequence_Tuple@@U_object@@Voidmallocmemset
                                                                                                                                                                                                                                                • String ID: Integer OID must have high order word clear
                                                                                                                                                                                                                                                • API String ID: 676720102-606765175
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$CertEval_List_Thread$AppendCertificateCertificatesContextDuplicateEnumErrorError@@LastReferenceRestoreSaveStoreU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CertEnumCertificatesInStore
                                                                                                                                                                                                                                                • API String ID: 2638904092-715189387
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CertElementErr_Error@@KeywordsParseSerializeStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CertSerializeCTLStoreElement$The certificate trust context has been closed$Unable to allocate %d bytes$|k:CertSerializeCTLStoreElement
                                                                                                                                                                                                                                                • API String ID: 2109812038-2971064172
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_List_String
                                                                                                                                                                                                                                                • String ID: The certificate context has been closed
                                                                                                                                                                                                                                                • API String ID: 1546712769-2422706626
                                                                                                                                                                                                                                                • Opcode ID: 44adfcb3d86ddeac697878b910f2377be4c48f4a4b8643057c8372f50b7e7b81
                                                                                                                                                                                                                                                • Instruction ID: afc6e8be64fa1a63badf6e8c80de759cb79057a415782168698af92370f1ba35
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44adfcb3d86ddeac697878b910f2377be4c48f4a4b8643057c8372f50b7e7b81
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3314123A2DA42C1EB158F26A89413D23A8FF88F95B481034CBAE47774EE3CE54D8340
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Eval_ThreadU_object@@$Arg_CertError@@FreeImportKeywordsMem_Object_ParseRestoreSaveStoreTupleU_object@@_Win_
                                                                                                                                                                                                                                                • String ID: OOk:PFXImportCertStore$PFXImportCertStore
                                                                                                                                                                                                                                                • API String ID: 3056532213-2473002513
                                                                                                                                                                                                                                                • Opcode ID: 1a9a6a862b4e84944f53f756492ac7a35e2894940edcae8ab02f27f098d5dc5d
                                                                                                                                                                                                                                                • Instruction ID: 84a0454584ad679b40ed0b9f01b950ea47e638ead16f078c0fbcbf8a1c3da7a6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a9a6a862b4e84944f53f756492ac7a35e2894940edcae8ab02f27f098d5dc5d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D841F73761CA86C6EB609F55F4847BAA3A4FB89B80F444035DBDE42A69DF3CD54C8B00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Long$FromLong_Unsigned$BuildSizeValue_
                                                                                                                                                                                                                                                • String ID: OtherOperationCount$OtherTransferCount$ReadOperationCount$ReadTransferCount$WriteOperationCount$WriteTransferCount${s:N,s:N,s:N,s:N,s:N,s:N}
                                                                                                                                                                                                                                                • API String ID: 3939590852-408589094
                                                                                                                                                                                                                                                • Opcode ID: c98b3276037aab841400b000af896ada310c42ae489b673823bfa69c289be3b2
                                                                                                                                                                                                                                                • Instruction ID: 40f507d79e2950535aa1b383af3a77855a9a2f4425af4d6acaa8837603270d8a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c98b3276037aab841400b000af896ada310c42ae489b673823bfa69c289be3b2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F021C536A69B46C5EA01CB11F888469B3A8FB89B90F550136EEAD43734EF38D159DB00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,00000000,00007FFE74D72966), ref: 00007FFE74D76EF4
                                                                                                                                                                                                                                                • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,00000000,00007FFE74D72966), ref: 00007FFE74D76F19
                                                                                                                                                                                                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,00000000,00007FFE74D72966), ref: 00007FFE74D76F29
                                                                                                                                                                                                                                                • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,00000000,00007FFE74D72966), ref: 00007FFE74D76F4C
                                                                                                                                                                                                                                                • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,00000000,00007FFE74D72966), ref: 00007FFE74D76F6F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildValue_$Bytes_FromString
                                                                                                                                                                                                                                                • String ID: Algorithm$Data$ObjId$Parameters$PublicKey$UnusedBits${s:N, s:N}${s:N,s:k}${s:s, s:N}
                                                                                                                                                                                                                                                • API String ID: 2576831981-2447339682
                                                                                                                                                                                                                                                • Opcode ID: faa51fea7d1e966e1a473862f6131679fc3004542d6472c896febd022656ec42
                                                                                                                                                                                                                                                • Instruction ID: 47bfaf447c19f777ef84113ddb095d6d08de69824cfcff110c53401e2a512cc2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: faa51fea7d1e966e1a473862f6131679fc3004542d6472c896febd022656ec42
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1611F276A2CA42D2DB00CB51E9804B93338FB88794B444132DBAD03634EF3CE59EC740
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertCertificateContextErr_Error@@KeywordsParsePropertyRestoreSaveStringTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CertSetCertificateContextProperty$Property Id %d is not supported yet$The certificate context has been closed$kO|k:CertSetCertificateContextProperty
                                                                                                                                                                                                                                                • API String ID: 4070676993-2103186099
                                                                                                                                                                                                                                                • Opcode ID: 1eda2b3be17b904ef8e9cb8511514f6f1d83a1bc46e628707933d51ae6147783
                                                                                                                                                                                                                                                • Instruction ID: b3e3c3ad77072cfb2f1ab96de8624c0da04e6b15c1ba888ae5155d165e82055c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1eda2b3be17b904ef8e9cb8511514f6f1d83a1bc46e628707933d51ae6147783
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9518073A2CB81C6E7028F35A89057D3B78AB85B84F454472CBAE83665DF2CE51DC300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_String
                                                                                                                                                                                                                                                • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                                • API String ID: 1450464846-1709335586
                                                                                                                                                                                                                                                • Opcode ID: 1e022e470222c007c52509349f617818019dffee254f32b8763a13ec9a428511
                                                                                                                                                                                                                                                • Instruction ID: 52b999bec0f61225c0ab858e9c3bebebc9943d3520a9d0485f6630dc4c52fcb9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e022e470222c007c52509349f617818019dffee254f32b8763a13ec9a428511
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12516123B2C64BC2EA159B5AA8D0079A390BF89BC4F544431DFAD477B4EE3CE44E9701
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$DeallocFormatSequence_StringTuple
                                                                                                                                                                                                                                                • String ID: Sequence can contain at most %d items$Sequence of dwords cannot be None$Unable to allocate %d bytes
                                                                                                                                                                                                                                                • API String ID: 3107502305-158408534
                                                                                                                                                                                                                                                • Opcode ID: 5b349e25c7462d1a215725f54d91a1bc1a1f425adf9fc773b27ac9dc6a667d2c
                                                                                                                                                                                                                                                • Instruction ID: 193d3bd38b84fecad907e332a64dce472377cdfee3bcd1f60b3ceaff710182fa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b349e25c7462d1a215725f54d91a1bc1a1f425adf9fc773b27ac9dc6a667d2c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A410B37A2DB46C6EA51CF19A895538B3A4BB88B94F454031CEAD43760EF3CE48AD701
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BuildDecodeSizeTuple_Unicode_Value_
                                                                                                                                                                                                                                                • String ID: ObjId$Value$ValueType${s:s, s:k, s:N}
                                                                                                                                                                                                                                                • API String ID: 1776507976-1124644876
                                                                                                                                                                                                                                                • Opcode ID: 2fba663af8100e213b28001a27699d51d4eeafcbb3216d0178c6bc50a09f3415
                                                                                                                                                                                                                                                • Instruction ID: f7c5b244c8f0cb6b64190d39497f702de2b07fa9fe9f1a4321288ae6b1386bba
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2fba663af8100e213b28001a27699d51d4eeafcbb3216d0178c6bc50a09f3415
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D411732A2CA42C6EB618B11A48453A67A8FB88B94F544835DFEE07774DF3CE949C700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildDeallocTuple_Value_$Bytes_FromString
                                                                                                                                                                                                                                                • String ID: PolicyIdentifier$PolicyQualifier$PolicyQualifierId$Qualifier${s:s, s:N}${s:s,s:N}
                                                                                                                                                                                                                                                • API String ID: 2693019599-3040507794
                                                                                                                                                                                                                                                • Opcode ID: 5eb2cefdf458d5faa3450b65e858db3e35ade2d4c32ffbc7616ede5244d7be4b
                                                                                                                                                                                                                                                • Instruction ID: bb829346749ad16f0552f282f802ea88d3914e225358aecccaf3e9a2754dd1c9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5eb2cefdf458d5faa3450b65e858db3e35ade2d4c32ffbc7616ede5244d7be4b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C415837A29A42D6EB118F21E48457A73A9FB85B44F440536DBAE03734DF3CE589C700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$String$Bytes_ClearDeallocLong_MemoryOccurredSequence_Tuple@@U_object@@Voidfreemallocmemset
                                                                                                                                                                                                                                                • String ID: Integer OID must have high order word clear
                                                                                                                                                                                                                                                • API String ID: 1899850966-606765175
                                                                                                                                                                                                                                                • Opcode ID: 68963b0df1b8cfc8be85e7d87409f999e7c3d002caaa80eceb2ffa582505da94
                                                                                                                                                                                                                                                • Instruction ID: 2bf0c2e5783a737eabce4ebab5b0e570c95c37ca451843725fc28394df8fc4fe
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 68963b0df1b8cfc8be85e7d87409f999e7c3d002caaa80eceb2ffa582505da94
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9413933A2DA42C2EB129F1AA48413D33A8FB88F90B154135EBAD47764EF3CD949C350
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Arg_DeallocKeywords_MemoryParseSequence_SizeStringTupleTuple@@U_object@@malloc
                                                                                                                                                                                                                                                • String ID: Object must be of type PyCERTSTORE$Object used to construct a CRYPT_DECRYPT_MESSAGE_PARA must be a dict$O|kk:CRYPT_DECRYPT_MESSAGE_PARA
                                                                                                                                                                                                                                                • API String ID: 890852602-695212532
                                                                                                                                                                                                                                                • Opcode ID: 95edc658e931994eea7a787aa06eb6f4111cdecfdcd56a7d8f84016dd0d8b888
                                                                                                                                                                                                                                                • Instruction ID: 52081a769566409f0278e7ebf3d2da7752eda82405b37adffea7325a5b0cd282
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95edc658e931994eea7a787aa06eb6f4111cdecfdcd56a7d8f84016dd0d8b888
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17410472A2CB86C2EB159F19E88026C73A4FB84B94F544435DBAD43724DF38E5AAC700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Object_U_object@@$Eval_SaveThread$Arg_CertErr_Error@@FreeKeywordsParseRestoreStoreStringTupleWin_
                                                                                                                                                                                                                                                • String ID: CertSaveStore: specified SaveTo parameter is not supported yet$PyCERTSTORE::CertSaveStore$kkkO|k:PyCERTSTORE::CertSaveStore
                                                                                                                                                                                                                                                • API String ID: 2055751396-67509446
                                                                                                                                                                                                                                                • Opcode ID: e35e743d71dfaa799fbfd481adf6fb3b2e9877cc2502e622e089e0071ff0542f
                                                                                                                                                                                                                                                • Instruction ID: 31fe1b46f9a244e9bd798c4fd22a328cc5511458c767d5df418d0e048be3938a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e35e743d71dfaa799fbfd481adf6fb3b2e9877cc2502e622e089e0071ff0542f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4441F832B18A52C9EB108F65E8801BD3774FB89B98B044126DFAE53B68DF38D54AC740
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
• Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                                                                • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                                • API String ID: 1004266020-3528878251
                                                                                                                                                                                                                                                • Opcode ID: af26892aff1d8045e963e496d2751d5e301b46a530bc7b3c9d9d9e4ca357d1c9
                                                                                                                                                                                                                                                • Instruction ID: a2edabe18d455377b4276d55eca538d0c0973ca4c701cc0d2ab55a94424a670e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af26892aff1d8045e963e496d2751d5e301b46a530bc7b3c9d9d9e4ca357d1c9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0416D23E2874393FB149B22E851279A7A1BF45F85FA80135DD6E47774EF2DE004A300
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_List_String
                                                                                                                                                                                                                                                • String ID: The certificate trust context has been closed
                                                                                                                                                                                                                                                • API String ID: 1546712769-2425537300
                                                                                                                                                                                                                                                • Opcode ID: d88eddf30120aa2ec1391e3519638e95170ca76914e1f2c35d6fb66bcadbf821
                                                                                                                                                                                                                                                • Instruction ID: 2fec92612e704500a0a8682689848902d4bd3ba7608f6c0861bc63b568db2b1d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d88eddf30120aa2ec1391e3519638e95170ca76914e1f2c35d6fb66bcadbf821
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB313D62A1CB42C2EB519F56E484179A3A5FBC4BA4F484031DA9E47764EE3CE54EC700
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_Eval_Object_ThreadU_object@@$Arg_CertCheckDeallocEnumError@@FreeKeywordsList_OccurredParseRestoreSaveSequence_StoreStringSystemTupleWin_
                                                                                                                                                                                                                                                • String ID: CertEnumSystemStore$k|O:CertEnumSystemStore
                                                                                                                                                                                                                                                • API String ID: 1559264201-1448371782
                                                                                                                                                                                                                                                • Opcode ID: 963f4b7c8277bcf796c454c7bbc52a59f922cec132d0296640b1d5571f5d443f
                                                                                                                                                                                                                                                • Instruction ID: 860088edda0699e0ad8b0d6e63643e61bc9800e5fbf932400cf59ce4dffa5422
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 963f4b7c8277bcf796c454c7bbc52a59f922cec132d0296640b1d5571f5d443f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8631F632A2CB42C2EB519B65A48427A63A5FB84B84F540135EBAE43B74DF3DE54DCA00
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
• Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                                                                • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                                                • API String ID: 2663085338-4141011787
                                                                                                                                                                                                                                                • Opcode ID: 13d2541d63d5590277e7306063f0ab8f10eec6f80969a73a59eba5495f8f2869
                                                                                                                                                                                                                                                • Instruction ID: cd2aaf969dfd38251c8d08125f437d482a78dc69b8330c861fdf94f43dcc75f0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13d2541d63d5590277e7306063f0ab8f10eec6f80969a73a59eba5495f8f2869
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28312F23A7C70387FB555B21E824378E692BF49F81F445170E92E866B9EF2EF445A300
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$Err_$FreeMem_$AllocCharFormatUnicode_Wide
                                                                                                                                                                                                                                                • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Eval_Thread$Arg_CertCertificateContextErr_Error@@KeywordsParseRestoreSaveStringSubjectTupleU_object@@VerifyWin_
• String ID: CertVerifySubjectCertificateContext$Object must be of type PyCERT_CONTEXT$Ok:CertVerifySubjectCertificateContext$The certificate context has been closed
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: BufferBuildFreeFromLong_Mem_ReferenceValueView@@Voidmalloc
• String ID: CertStore$ContentType$Context$FormatType$Msg$MsgAndCertEncodingType${s:k,s:k,s:k,s:N,s:N,s:N}
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Err_Eval_Thread$Arg_CertCloseDeallocError@@KeywordsParseRestoreSaveStoreStringTupleU_object@@WarnWin_
• String ID: Certificate store is already closed$PyCERTSTORE::CertCloseStore$The Flags param to CertCloseStore is deprecated; a non-zero value is likely to crash$|k:PyCERTSTORE::CertCloseStore
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Eval_ThreadU_object@@$Arg_CertDeallocEnumErr_Error@@FreeKeywordsList_Mem_Object_OccurredParsePhysicalRestoreSaveStoreTupleWin_
• String ID: CertEnumPhysicalStore$Ok:CertEnumPhysicalStore
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
• Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
Similarity
• API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
• String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
APIs
• GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C0AB
• FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C11A
• PyUnicode_FromWideChar.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C1CC
• PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C1EB
• _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C200
• LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C218
                                                                                                                                                                                                                                                • PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C22D
                                                                                                                                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C23C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Unicode_$BuildCharDeallocDecodeErr_ErrorFormatFreeFromLastLocalMessageObjectSizeValue_Wide
                                                                                                                                                                                                                                                • String ID: (iNN)$No error message is available$ignore
                                                                                                                                                                                                                                                • API String ID: 2848599001-37674240
                                                                                                                                                                                                                                                • Opcode ID: 643a50901b2b552bbb88332efe27bb625fe03f62ce5503003692dadae792e0a9
                                                                                                                                                                                                                                                • Instruction ID: f56fa54fe467b7219ae20ec75a24c63ec168601b6a89cd30de32a4a9fd0ab414
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 643a50901b2b552bbb88332efe27bb625fe03f62ce5503003692dadae792e0a9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9516D33A2CA46C2FA519F19A48027963A1AF84F94F554135DFAE437B4EF3CE44A8602
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                                • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                                                                • API String ID: 1318908108-4056541097
                                                                                                                                                                                                                                                • Opcode ID: 84a528a47654cdde31738837f18bb607aa473ddf7d16b6eb27ea2fde83817aeb
                                                                                                                                                                                                                                                • Instruction ID: 380851ae29cd56e55f2dee10cfdd2b6b5d999685f46966543e2d2e3a99866896
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84a528a47654cdde31738837f18bb607aa473ddf7d16b6eb27ea2fde83817aeb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D41A463E2878282FB258B15E8103B9A3A1FB45F94FA84235D97E476F4EF2CD5459300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeallocErr_MemorySequence_Tuple@@U_object@@malloc
                                                                                                                                                                                                                                                • String ID: Object must be of type PyCERT_CONTEXT$The certificate context has been closed
                                                                                                                                                                                                                                                • API String ID: 2500920456-1580614774
                                                                                                                                                                                                                                                • Opcode ID: 3526201c84e1a4993558b7fa266d69a5e07bb6ef3e280248398264fedb485b9c
                                                                                                                                                                                                                                                • Instruction ID: 2033d8ab1f7facfd1de5ad4051e4e1a8c6c3793e11a9fc0256613263f809e4d6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3526201c84e1a4993558b7fa266d69a5e07bb6ef3e280248398264fedb485b9c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C410633A2DA52C2EB52DF55E49813C73A9BB84B94B094131EBAD43760EF7CE599C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertErr_Error@@KeywordsLinkParseReferenceRestoreSaveStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CertAddCertificateLinkToStore$Object must be of type PyCERT_CONTEXT$Ok:CertAddCertificateLinkToStore$The certificate context has been closed
                                                                                                                                                                                                                                                • API String ID: 2075955176-2827904824
                                                                                                                                                                                                                                                • Opcode ID: 10c386eca6322b0a89886dac6b3fdee227c2074334e3771e000f4419bbc6e788
                                                                                                                                                                                                                                                • Instruction ID: 08cfe4e4826f9397449409eac35972967b057123c6e17a5708f5c4e0bb4964df
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10c386eca6322b0a89886dac6b3fdee227c2074334e3771e000f4419bbc6e788
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8310563A2DB46C1EB018B56A8842B963A5FB84BD5F484032DFAE07774DE3CE58DC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertCertificateContextErr_Error@@KeywordsParseReferenceRestoreSaveStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CertAddCertificateContextToStore$Object must be of type PyCERT_CONTEXT$Ok:CertAddCertificateContextToStore$The certificate context has been closed
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertContextErr_Error@@FromKeywordsLong_ParseReferenceRestoreSaveStoreStringTupleU_object@@VoidWin_
                                                                                                                                                                                                                                                • String ID: CertAddCTLContextToStore$Object must be of type PyCTL_CONTEXT$Ok:CertAddCTLContextToStore
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertErr_Error@@FromKeywordsLinkLong_ParseReferenceRestoreSaveStoreStringTupleU_object@@VoidWin_
                                                                                                                                                                                                                                                • String ID: CertAddCTLLinkToStore$Object must be of type PyCTL_CONTEXT$Ok:CertAddCTLLinkToStore
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: From$Bytes_DecodeObject_SizeStringU_object@@Unicode_
                                                                                                                                                                                                                                                • String ID: ObjId$Value$ValueType${s:s, s:k, s:N}
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferBuildFreeMem_ReferenceValueView@@malloc
                                                                                                                                                                                                                                                • String ID: CertStore$ContentType$Context$FormatType$Msg$MsgAndCertEncodingType${s:k,s:k,s:k,s:N,s:N,s:N}
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Eval_Thread$Arg_Bool_FreeFromKeywordsLongMem_Object_ParsePasswordRestoreSaveTupleU_object@@U_object@@_Verify
                                                                                                                                                                                                                                                • String ID: OOk:PFXVerifyPassword
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FromLong_Void$BufferBuildFreeMem_ReferenceValueView@@
                                                                                                                                                                                                                                                • String ID: CertStore$ContentType$Context$FormatType$Msg$MsgAndCertEncodingType${s:k,s:k,s:k,s:N,s:N,s:N}
                                                                                                                                                                                                                                                • API String ID: 3720317137-3520626638
                                                                                                                                                                                                                                                • Opcode ID: 891046fcca284d9e03d77673ac79869b39fbb437459b48f92e2d993ba42f35a3
                                                                                                                                                                                                                                                • Instruction ID: ec51f64999fd8bd7cd70bfc4f25253c6599876fdb50e9415d674f5c670f0ede8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 891046fcca284d9e03d77673ac79869b39fbb437459b48f92e2d993ba42f35a3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7721B236A2DA45D6EB118B55E8800BD73B8FB88794B540136DAAD53B39DF3CE549C700
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Size$BuildValue_$Bytes_DeallocFromStringTuple_
• String ID: PolicyIdentifier$PolicyQualifier$PolicyQualifierId$Qualifier${s:s, s:N}${s:s,s:N}
• API String ID: 739664917-3040507794
• Opcode ID: 226b61b421058693266f6982fd65bfd7fdf3c863fe91ba24ca669fc089477a73
• Instruction ID: c292acb9b124dfe0994cf670141defd47318b16deb0b2ddf3836b86d3ea4da18
• Opcode Fuzzy Hash: 226b61b421058693266f6982fd65bfd7fdf3c863fe91ba24ca669fc089477a73
• Instruction Fuzzy Hash: A6210436A2CB52D2EB10CF10E4840697768FB88B84B444576DBAD03B74EF3DE55AC740
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
Similarity
• API ID: State_SwapThread$ErrorFatalFunc$AllocLocalValue
• String ID: Out of memory allocating thread state.$PyWinInterpreterState_Ensure$pywintypes: can not setup interpreter state, as current state is invalid
• API String ID: 4234957216-1490924957
• Opcode ID: fdb1524eb15e5f76735f0c868ecce0d95253c296dba6ef99d2c73a1a3d4f27e4
• Instruction ID: 26662795e33447b86d25f8b8052ed5ea6a678596ab38b73c7c645d2097428635
• Opcode Fuzzy Hash: fdb1524eb15e5f76735f0c868ecce0d95253c296dba6ef99d2c73a1a3d4f27e4
• Instruction Fuzzy Hash: DB11DA3692DA06C2EB56DB24E8D477963A0BF54B54F500439C7AE03774EE7CE55C9301
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Err_String$Arg_Keywords_ParseSizeTuple
• String ID: CRYPT_SIGN_MESSAGE_PARA: HashAuxInfo parm not yet supported$CRYPT_SIGN_MESSAGE_PARA: MsgCrl parm not yet supported$OO|OOOOOkkk:CRYPT_SIGN_MESSAGE_PARA$Object must be of type PyCERT_CONTEXT$Object used to construct CRYPT_VERIFY_MESSAGE_PARA structure must be a dict$The certificate context has been closed
• API String ID: 1444107868-2519308533
• Opcode ID: 98e464784276a59d2b0b045435c86bcef1f0ce8fdc3807a90172b2d791ad2536
• Instruction ID: c817cb5d03ae98bb819bd72bf320b19360fa81c0ee1134d806184c198d0758bb
• Opcode Fuzzy Hash: 98e464784276a59d2b0b045435c86bcef1f0ce8fdc3807a90172b2d791ad2536
• Instruction Fuzzy Hash: B2510963A1CB82C1EB518F24E4803B973A9FB84B84F505136DB9C47664EF7CE599C740
APIs
• FileTimeToSystemTime.KERNEL32 ref: 00007FFE74D4C73D
• FileTimeToSystemTime.KERNEL32 ref: 00007FFE74D4C76F
• FileTimeToSystemTime.KERNEL32 ref: 00007FFE74D4C7A2
• PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFE74D4C7DB
• PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFE74D4C7E8
• PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFE74D4C7F5
• PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFE74D4C802
• _Py_BuildValue_SizeT.PYTHON312 ref: 00007FFE74D4C840
  • Part of subcall function 00007FFE74D4C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C0AB
  • Part of subcall function 00007FFE74D4C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C11A
  • Part of subcall function 00007FFE74D4C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C1EB
  • Part of subcall function 00007FFE74D4C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C200
  • Part of subcall function 00007FFE74D4C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C218
  • Part of subcall function 00007FFE74D4C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C22D
  • Part of subcall function 00007FFE74D4C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C23C
  • Part of subcall function 00007FFE74D4A170: PyObject_GetAttrString.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFE74D499ED), ref: 00007FFE74D4A1B4
  • Part of subcall function 00007FFE74D4A170: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFE74D499ED), ref: 00007FFE74D4A213
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
Similarity
• API ID: Time$FromLongLong_Unsigned$FileSystem$BuildDeallocSizeValue_$AttrDecodeErr_ErrorFormatFreeLastLocalMessageObjectObject_StringUnicode_
• String ID: FileTimeToSystemTime$lNNNNNNNuu
• API String ID: 198253700-4021486075
• Opcode ID: 1656004b36c4f6e3bc16a1197bf51eb6bde67187bf5cbc8a341de0f46233e049
• Instruction ID: 5ca60e17d8fd488575575060e6f5e2a14820fd9a661256117e924516fe456852
• Opcode Fuzzy Hash: 1656004b36c4f6e3bc16a1197bf51eb6bde67187bf5cbc8a341de0f46233e049
• Instruction Fuzzy Hash: C9414C33A2CA45D2E611DB15F8845AAB3A4FB88B80F414032DFAD42B75EF3CE44AD701
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferEval_ThreadView@@$Arg_CertCertificateEncodedError@@KeywordsParseRestoreSaveStoreTupleU_object@@U_object@@_Win_
                                                                                                                                                                                                                                                • String ID: PyCERTSTORE::CertAddEncodedCertificateToStore$kOk:CertAddEncodedCertificateToStore
                                                                                                                                                                                                                                                • API String ID: 3039583314-3378692726
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_List_String
                                                                                                                                                                                                                                                • String ID: The certificate trust context has been closed
                                                                                                                                                                                                                                                • API String ID: 1546712769-2425537300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Object_$Eval_FreeThreadU_object@@$Arg_CertError@@KeywordsParseRestoreSaveStoreSystemTupleUnregisterWin_
                                                                                                                                                                                                                                                • String ID: CertUnregisterSystemStore$Ok:CertUnregisterSystemStore
                                                                                                                                                                                                                                                • API String ID: 76350630-1006014767
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • pvPara must be represented as a sequence of (PyHKEY, string/unicode), xrefs: 00007FFE74D768A1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Sequence_$DeallocItemObject_U_object@@$CheckErr_SizeStringY__@@@
                                                                                                                                                                                                                                                • String ID: pvPara must be represented as a sequence of (PyHKEY, string/unicode)
                                                                                                                                                                                                                                                • API String ID: 3671526842-570033640
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyObject_GetAttrString.PYTHON312 ref: 00007FFE74D4BCEC
                                                                                                                                                                                                                                                • PyErr_Clear.PYTHON312 ref: 00007FFE74D4BCFA
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB65
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB73
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB81
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB90
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB9B
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBA4
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBB3
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBC7
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Format.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBE6
                                                                                                                                                                                                                                                • PyCallable_Check.PYTHON312 ref: 00007FFE74D4BD08
                                                                                                                                                                                                                                                • PyObject_CallObject.PYTHON312 ref: 00007FFE74D4BD17
                                                                                                                                                                                                                                                • _Py_Dealloc.PYTHON312 ref: 00007FFE74D4BD29
                                                                                                                                                                                                                                                • _Py_Dealloc.PYTHON312 ref: 00007FFE74D4BD5F
                                                                                                                                                                                                                                                • PyErr_Clear.PYTHON312 ref: 00007FFE74D4BD69
                                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312 ref: 00007FFE74D4BD80
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Long$ClearDeallocOccurred$Long_Object_String$AttrCallCallable_CheckFormatNumber_ObjectUnsigned
                                                                                                                                                                                                                                                • String ID: Expected a socket object or numeric socket handle$fileno
                                                                                                                                                                                                                                                • API String ID: 4289764861-511972153
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertDeallocEnumErr_Error@@KeywordsList_LocationOccurredParseRestoreSaveStoreSystemTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CertEnumSystemStoreLocation$|k:CertEnumSystemStoreLocation
                                                                                                                                                                                                                                                • API String ID: 1777273059-4282623423
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$Object_$AttrCallImportImport_MethodModuleStringTuple_
                                                                                                                                                                                                                                                • String ID: TimeZoneInfo$utc$win32timezone
                                                                                                                                                                                                                                                • API String ID: 4031171350-3909237026
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3582290860.00007FFE78471000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFE78470000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe78470000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3582072210.00007FFE78451000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE78450000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe78450000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ReadyType_$Module_$Create2DictEnsure@@Globals_Tuple_
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 740114199-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Object_ThreadU_object@@$Arg_CertCheckErr_Error@@FreeKeywordsParseRegisterRestoreSaveSequence_StoreStringSystemTupleWin_
                                                                                                                                                                                                                                                • String ID: CertRegisterSystemStore$Ok:CertRegisterSystemStore
                                                                                                                                                                                                                                                • API String ID: 285079833-494802307
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertCollectionErr_Error@@KeywordsParseRestoreSaveStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                                • String ID: CertAddStoreToCollection$Object must be of type PyCERTSTORE$O|kk:CertAddStoreToCollection
                                                                                                                                                                                                                                                • API String ID: 1239160312-826948340
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: From$Bool_BuildBytes_LongSizeStringTuple_Value
                                                                                                                                                                                                                                                • String ID: Critical$ObjId$Value${s:s,s:N,s:N}
                                                                                                                                                                                                                                                • API String ID: 3744456896-3786422732
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                                                • API String ID: 4245020737-4278345224
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$BufferCertCertificateContextErr_Error@@FreeLongLong_Object_OccurredPropertyRestoreSaveU_object@@UnsignedView@@Win_
                                                                                                                                                                                                                                                • String ID: CertSetCertificateContextProperty
                                                                                                                                                                                                                                                • API String ID: 2928820455-430795800
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$Eval_Thread$Arg_BlobBool_FromKeywordsLongParseRestoreSaveTupleU_object@@_
                                                                                                                                                                                                                                                • String ID: O:PFXIsPFXBlob
                                                                                                                                                                                                                                                • API String ID: 4233107956-3232074968
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3577964647.00007FFE74D30000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578017002.00007FFE74D38000.00000004.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578033548.00007FFE74D39000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: abort$AdjustPointermemmove
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 338301193-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3577964647.00007FFE74D30000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578017002.00007FFE74D38000.00000004.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578033548.00007FFE74D39000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                                • API String ID: 211107550-393685449
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_ThreadU_object@@$Arg_CertControlError@@KeywordsObject_ParseRestoreSaveStoreTupleWin_
                                                                                                                                                                                                                                                • String ID: CertControlStore$kkO:CertControlStore
                                                                                                                                                                                                                                                • API String ID: 2053635168-113208596
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Object_ThreadU_object@@$BufferCertCertificateContextE@@@Error@@FreePropertyRestoreSaveView@@Win_
                                                                                                                                                                                                                                                • String ID: CertSetCertificateContextProperty
                                                                                                                                                                                                                                                • API String ID: 2839949420-430795800
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferEval_ThreadView@@$?init@CertCertificateContextError@@FreeObject_PropertyRestoreSaveU_object@@U_object@@_Win_
                                                                                                                                                                                                                                                • String ID: CertSetCertificateContextProperty
                                                                                                                                                                                                                                                • API String ID: 1617547322-430795800
                                                                                                                                                                                                                                                • Opcode ID: f27181a7de84c328d29fba2eb0f6b290ac4dc65668c650c412085dbecc3828c4
                                                                                                                                                                                                                                                • Instruction ID: ba94bf16bebdc8cb1168348342bf45b3a3c5a4e9da839d0802864c4f5bb2bb3e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f27181a7de84c328d29fba2eb0f6b290ac4dc65668c650c412085dbecc3828c4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4110837B28542CAE7559F65E4D49BC2365EB89B84B080031DF9E53B64DE29EA0DC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Object_ThreadU_object@@$BufferCertCertificateContextError@@FreePropertyRestoreSaveView@@Win_
                                                                                                                                                                                                                                                • String ID: CertSetCertificateContextProperty
                                                                                                                                                                                                                                                • API String ID: 1244965724-430795800
                                                                                                                                                                                                                                                • Opcode ID: 9e134f5eb02bdcca9df14db372a070e58457e34017cec55f7ee906a1eaa94e11
                                                                                                                                                                                                                                                • Instruction ID: ec876a6d4df59ec206b2689940013a70a0f92e4551a8545c3559a93118d001b0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e134f5eb02bdcca9df14db372a070e58457e34017cec55f7ee906a1eaa94e11
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5111737B2C552CAE7159F65E8945BC2365EB89B84B480031DF9E53A64DE38EA0DC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeallocObject_$AttrBuildCallSizeStringTuple_Value
                                                                                                                                                                                                                                                • String ID: (s)$strftime
                                                                                                                                                                                                                                                • API String ID: 4125559156-1254993691
                                                                                                                                                                                                                                                • Opcode ID: f271ca0000b76510a5b7333935f7d38f84b61be0f30e414fcb8fdb346cffc6a8
                                                                                                                                                                                                                                                • Instruction ID: 43846fc130d25a0127f4d1a96320c412185d56c93273594856ddcb1ccd33de48
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f271ca0000b76510a5b7333935f7d38f84b61be0f30e414fcb8fdb346cffc6a8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16113332A2DB46C2FE558F66A5C5535A391AF45BC0F485434DFAD07BA4EE2CE4098700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$BufferCertErr_ErrorFreeLastObject_OpenRestoreSaveStoreView@@Warn
                                                                                                                                                                                                                                                • String ID: Para ignored for CERT_STORE_PROV_MEMORY
                                                                                                                                                                                                                                                • API String ID: 1900364133-3327432420
                                                                                                                                                                                                                                                • Opcode ID: bfb33b5b48d9b566eda6fa14350e6de23841308bfd04e6c5fa9fb377fc83401c
                                                                                                                                                                                                                                                • Instruction ID: 2d9e67d92733ffec6584ddfc5925d8130cd529cb9057683e14b65f51b30f2744
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bfb33b5b48d9b566eda6fa14350e6de23841308bfd04e6c5fa9fb377fc83401c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C711D826B2CA42C9E7158F66E88467C2365BB84BD4F040135CEAE67B74CE3CE94E8300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$CertErr_Error@@IntendedRestoreSaveStringU_object@@UsageWin_
                                                                                                                                                                                                                                                • String ID: CertGetIntendedKeyUsage$The certificate context has been closed
                                                                                                                                                                                                                                                • API String ID: 1728261811-2907928091
                                                                                                                                                                                                                                                • Opcode ID: e77172f3517c24f7ac26652bf83582cf610565c9766c26ad3f2470ec7aaf91c5
                                                                                                                                                                                                                                                • Instruction ID: c2026ae04107d15444ffceb5ed4be361360d8ad5dec2207106f9972d1602c145
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e77172f3517c24f7ac26652bf83582cf610565c9766c26ad3f2470ec7aaf91c5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF012562B2CA42C2EB148F66E8C45792369EF98B95F481031CBAE07674DE2CD99DC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$Bytes_FromString$BuildValue_
                                                                                                                                                                                                                                                • String ID: CertIssuer$CertSerialNumber$KeyId${s:N, s:N, s:N}
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                                • String ID: ExtraInfo$GroupId$Name$OID$Value${s:s,s:u,s:k,s:k,s:N}
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE74D3379F,?,?,00000000,00007FFE74D335D0,?,?,?,?,00007FFE74D3334D), ref: 00007FFE74D33665
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FFE74D3379F,?,?,00000000,00007FFE74D335D0,?,?,?,?,00007FFE74D3334D), ref: 00007FFE74D33673
                                                                                                                                                                                                                                                • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE74D3379F,?,?,00000000,00007FFE74D335D0,?,?,?,?,00007FFE74D3334D), ref: 00007FFE74D3368C
                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE74D3379F,?,?,00000000,00007FFE74D335D0,?,?,?,?,00007FFE74D3334D), ref: 00007FFE74D3369E
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FFE74D3379F,?,?,00000000,00007FFE74D335D0,?,?,?,?,00007FFE74D3334D), ref: 00007FFE74D3370C
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FFE74D3379F,?,?,00000000,00007FFE74D335D0,?,?,?,?,00007FFE74D3334D), ref: 00007FFE74D33718
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312 ref: 00007FFE74D45958
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB65
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB73
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB81
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB90
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB9B
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBA4
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBB3
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBC7
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Format.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBE6
                                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312 ref: 00007FFE74D45999
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32 ref: 00007FFE74D459AC
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Long$Occurred$Long_String$ClearCloseDeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                                • String ID: HANDLE must be a PyHKEY$PyHKEY$RegCloseKey$The object is not a PyHANDLE object
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeallocErr_StringUnicode_strcmp
                                                                                                                                                                                                                                                • String ID: SECURITY_DESCRIPTOR$The object is not a PySECURITY_DESCRIPTOR object$can't delete SECURITY_ATTRIBUTES attributes
                                                                                                                                                                                                                                                • API String ID: 2499284733-1426751177
                                                                                                                                                                                                                                                • Opcode ID: 80ea741ab7d6b184c6713a1cdd19ccf7cb0727e26e110be3e3f3ef5f66facdf7
                                                                                                                                                                                                                                                • Instruction ID: b40a841d8236877261762b859c90a3ba2379cb35bb75caee529ce7bf137c654f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80ea741ab7d6b184c6713a1cdd19ccf7cb0727e26e110be3e3f3ef5f66facdf7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C212132B2DA42C1EA558B56E4C00786370FB48BC4F445131EFAD47775DF2CE59A9301
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Buffer_Err_Release$BufferFormatObject_String
                                                                                                                                                                                                                                                • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                                • API String ID: 1670810688-686265896
                                                                                                                                                                                                                                                • Opcode ID: 2eb95f7d662f013894336c9492278a8ccab15d0d485027fc4128c6d3b10bfa47
                                                                                                                                                                                                                                                • Instruction ID: b5d1b683e4352a16316db1636fadc2a6f419440c657f0c04cce215b1d8ea25d7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2eb95f7d662f013894336c9492278a8ccab15d0d485027fc4128c6d3b10bfa47
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9212F3362DA46C1EB958F19E894239A3A0EB84F94F184431DEBE476B4DF3CD459D341
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • ULARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFE74D464CA
                                                                                                                                                                                                                                                • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFE74D464EE
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleUnsignedWarn
                                                                                                                                                                                                                                                • String ID: Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead$ULARGE_INTEGER must be 'int', or '(int, int)'
                                                                                                                                                                                                                                                • API String ID: 507489655-1767028231
                                                                                                                                                                                                                                                • Opcode ID: 5e223d211314823cd4219e8a22ccae8685cd212fbaa4b10fe60fb3027d068c0b
                                                                                                                                                                                                                                                • Instruction ID: 70a07835a7af2a022affd6709bbe1846be29839cc9c94a1a160e4b81c71eea57
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e223d211314823cd4219e8a22ccae8685cd212fbaa4b10fe60fb3027d068c0b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D213372B2CA46C1EB518F59F4C4169A360FB887A4F445135EBBE436A8EE3CD49DD700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy$memset$memmove
                                                                                                                                                                                                                                                • String ID: "%w" $%Q%s
                                                                                                                                                                                                                                                • API String ID: 3094553269-1987291987
                                                                                                                                                                                                                                                • Opcode ID: 76a79a9a0c9ad75ce3462e3ecd80cd37abcddcb9193abaad3db594063b6a3bbc
                                                                                                                                                                                                                                                • Instruction ID: 59d1d75d38508ad7298483c5821d61c87c1526e6bf7183258f82b6fb112c8a47
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76a79a9a0c9ad75ce3462e3ecd80cd37abcddcb9193abaad3db594063b6a3bbc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81C1B063A2ABC286EA14DF55E450279ABA0FB46FA0F144235DA7E0B7A4DF3CE551C300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertCollectionErr_FromKeywordsParseRemoveRestoreSaveStoreStringTuple
                                                                                                                                                                                                                                                • String ID: O:CertRemoveStoreFromCollection$Object must be of type PyCERTSTORE
                                                                                                                                                                                                                                                • API String ID: 774358558-3549291170
                                                                                                                                                                                                                                                • Opcode ID: e02bc9f5334d682bb5f1c7c4bc9ad87889e86c0fff2a1a11bef5164bfba2576c
                                                                                                                                                                                                                                                • Instruction ID: fbff4c99ee2005b8952397e05cd8ac7919b092726767aeab782064c7a825f71f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e02bc9f5334d682bb5f1c7c4bc9ad87889e86c0fff2a1a11bef5164bfba2576c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B511C426A2CA42C1EB108B56F8840396375FBC9BD4B544472DBAE43774DE3CE54DC300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Bool_FromLong$BuildSizeValue_
                                                                                                                                                                                                                                                • String ID: PathLenConstraint$fCA$fPathLenConstraint${s:N, s:N, s:k}
                                                                                                                                                                                                                                                • API String ID: 3942119401-3721055901
                                                                                                                                                                                                                                                • Opcode ID: 9ecf450eef0d8d2ad4947defc98a28ab1d6373610cba2ae01479d0515dca57a9
                                                                                                                                                                                                                                                • Instruction ID: 1d5b21cf19348425891deeedd236264dc5e1daf10e7547b78812ba6eda5fc50a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ecf450eef0d8d2ad4947defc98a28ab1d6373610cba2ae01479d0515dca57a9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7F0CF76A1CB46D6DB008B10E8884797368FB89B94B044075DAAE43B24EE7CD55ACB40
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: free$DeallocErr_MemorySequence_Tuple@@U_object@@malloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2165968868-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                                • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                                • API String ID: 1318908108-2068800536
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                                • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                                • API String ID: 1318908108-2110215792
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Object used to construct CRYPT_VERIFY_MESSAGE_PARA structure must be a dict or None, xrefs: 00007FFE74D77B04
                                                                                                                                                                                                                                                • |kOOO:CRYPT_VERIFY_MESSAGE_PARA, xrefs: 00007FFE74D77B37
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Arg_Keywords_MemoryParseSizeStringTuplemalloc
                                                                                                                                                                                                                                                • String ID: Object used to construct CRYPT_VERIFY_MESSAGE_PARA structure must be a dict or None$|kOOO:CRYPT_VERIFY_MESSAGE_PARA
                                                                                                                                                                                                                                                • API String ID: 3503287059-4156433631
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_String$Arg_Keywords_ParseSizeTuple
                                                                                                                                                                                                                                                • String ID: EncryptionAuxInfo must be None$Object used to construct a CRYPT_ENCRYPT_MESSAGE_PARA must be a dict$O|OOkkk:CRYPT_DECRYPT_MESSAGE_PARA
                                                                                                                                                                                                                                                • API String ID: 1444107868-2361109964
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                • String ID: :GetSecurityDescriptorDacl$GetSecurityDescriptorDacl$SetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                                • API String ID: 1292091245-161903415
                                                                                                                                                                                                                                                • Opcode ID: 47e204642db6640a9c9c5f42fc2bbdc1d812443fe2b31ebd05fa51a62c3ac94c
                                                                                                                                                                                                                                                • Instruction ID: 7ee848638e78cb483ac065db4d0b9d1b64559770877f6f87b96ec20f7cf770d0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47e204642db6640a9c9c5f42fc2bbdc1d812443fe2b31ebd05fa51a62c3ac94c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF115167F2C646C2FB419B29E8842B5A360AF84784F484431DFAD462B5EF7CE19ED700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferEval_ThreadView@@$?init@CertErr_ErrorError@@FreeFromLastLong_Object_OpenReferenceRestoreSaveStoreStringU_object@@U_object@@_VoidWin_
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3959075145-0
                                                                                                                                                                                                                                                • Opcode ID: 735bb013023945f98a00cd79af536277f0328b45b4fff663fcd9f338c59b4beb
                                                                                                                                                                                                                                                • Instruction ID: c36f9dfabf3369a32e9df97e44988c79049331fd64ffc1e4de9194e1104cbcd6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 735bb013023945f98a00cd79af536277f0328b45b4fff663fcd9f338c59b4beb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E21CB37B1DA56C9E7158F65E4806BC3375AB84B98B040175CF9D67B68DE3CD90E8340
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                • String ID: :GetSecurityDescriptorGroup$GetSecurityDescriptorGroup$GetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                                • API String ID: 1292091245-1740808346
                                                                                                                                                                                                                                                • Opcode ID: 1cfadc0fcdcf666d0f5f1b4dba48cf5ccd64742d80ab32fcdbb67db2515e5fcb
                                                                                                                                                                                                                                                • Instruction ID: 963c89425adb5d132523cc295d27bad6c4e0dc64e82292b5d691da6ebdc157a8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1cfadc0fcdcf666d0f5f1b4dba48cf5ccd64742d80ab32fcdbb67db2515e5fcb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14119867F2C606C2FB558B2AE8C52756360AF94B84F445031DFAD46275FF2CD5999300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BufferView@@$?init@Arg_Err_Keywords_ParseSizeStringTupleU_object@@_
                                                                                                                                                                                                                                                • String ID: Object used to construct a CRYPT_BIT_BLOB must be a dict$Ok:CRYPT_BIT_BLOB
                                                                                                                                                                                                                                                • API String ID: 1863331557-1057895879
                                                                                                                                                                                                                                                • Opcode ID: 9bd7dbeddbf4d01ef53bd7e298c0cce26d155d1eb7edca795c507e62b6cd6ecb
                                                                                                                                                                                                                                                • Instruction ID: 438ce7d90e3cdb1e5ccde755a4371ce1f951e7beb718edfa512a339dbba004a2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bd7dbeddbf4d01ef53bd7e298c0cce26d155d1eb7edca795c507e62b6cd6ecb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5621D862A28A81C6EB608F25F8807AA73A5FB84B84F445132DBED43764DF3CD59DC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyArg_ParseTuple.PYTHON312 ref: 00007FFE74D4420E
                                                                                                                                                                                                                                                • GetAuditedPermissionsFromAclW.ADVAPI32 ref: 00007FFE74D4423E
                                                                                                                                                                                                                                                • Py_BuildValue.PYTHON312 ref: 00007FFE74D44268
                                                                                                                                                                                                                                                • PyMem_Free.PYTHON312 ref: 00007FFE74D44282
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C0AB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C11A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C1EB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C200
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C218
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C22D
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C23C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BuildFree$Arg_AuditedDeallocDecodeErr_ErrorFormatFromLastLocalMem_MessageObjectParsePermissionsSizeTupleUnicode_ValueValue_
                                                                                                                                                                                                                                                • String ID: GetAuditedPermissionsFromAcl$O:GetAuditedPermissionsFromAcl
                                                                                                                                                                                                                                                • API String ID: 1813498087-1982696749
                                                                                                                                                                                                                                                • Opcode ID: 8a6ff8e7fc4ee454dbaf1a1bb3be092f6b23010d3761266b61acb2699630f883
                                                                                                                                                                                                                                                • Instruction ID: cdd94c6ab20112008ae4c53a7bc5625846d1cab3a0c94a3d50c26f0ba6dc073f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8a6ff8e7fc4ee454dbaf1a1bb3be092f6b23010d3761266b61acb2699630f883
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B11FF7371C646C2EA508B55E4C406AA3A0FB84794F444136DBED47A68EF7CE58DCB41
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$BufferBuffer_FormatObject_ReleaseString
                                                                                                                                                                                                                                                • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                                • API String ID: 3539591379-686265896
                                                                                                                                                                                                                                                • Opcode ID: 569f538c9c836f433e0bd960f5d5e206e531757e9a54dd6106fd3398a81b04aa
                                                                                                                                                                                                                                                • Instruction ID: 01101df7f0bfd1e92300a960ac9b1d9498c66e740edfe47ba7e73d976c9c0448
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 569f538c9c836f433e0bd960f5d5e206e531757e9a54dd6106fd3398a81b04aa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF112162A29B06C2EE558F56E4C823863A1FF85B94F545130CEAD877B4EF3CE499D700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyArg_ParseTuple.PYTHON312 ref: 00007FFE74D4414A
                                                                                                                                                                                                                                                • GetEffectiveRightsFromAclW.ADVAPI32 ref: 00007FFE74D44175
                                                                                                                                                                                                                                                • Py_BuildValue.PYTHON312 ref: 00007FFE74D4419A
                                                                                                                                                                                                                                                • PyMem_Free.PYTHON312 ref: 00007FFE74D441B4
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C0AB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C11A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C1EB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C200
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C218
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C22D
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C23C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BuildFree$Arg_DeallocDecodeEffectiveErr_ErrorFormatFromLastLocalMem_MessageObjectParseRightsSizeTupleUnicode_ValueValue_
                                                                                                                                                                                                                                                • String ID: GetEffectiveRightsFromAcl$O:GetEffectiveRightsFromAcl
                                                                                                                                                                                                                                                • API String ID: 2032167972-568366055
                                                                                                                                                                                                                                                • Opcode ID: 303dce0aea7412f47779b6d1c60295076083a61708bba6cdfba5205ac26e9a70
                                                                                                                                                                                                                                                • Instruction ID: d790d4ccd4ffc6ef67583cdd040dfad1627712d9f5a9e9c7aebc0b4429fec8e4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 303dce0aea7412f47779b6d1c60295076083a61708bba6cdfba5205ac26e9a70
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25113D73B1C64AC2EA009B55F88416AA3A1FF84784F444132DBED87668EF7CE54ECB41
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Object_ThreadU_object@@$BufferCertErr_ErrorError@@FreeFromLastLong_OpenReferenceRestoreSaveStoreStringView@@VoidWin_
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 504009513-0
                                                                                                                                                                                                                                                • Opcode ID: 1b853cce0dd02cf5b1062a97e9fbb10b6b16e8998390923970c45b63366b3f0d
                                                                                                                                                                                                                                                • Instruction ID: 4c41f15fb0e258767efbeefcc475e62073f7a7c741c9e5865e0983fb253bec64
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b853cce0dd02cf5b1062a97e9fbb10b6b16e8998390923970c45b63366b3f0d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A11DB26B2CA46C9F7258F65E88467C2365AB84BD4B044135CFAD67B68CE3CD94E8300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Object_Thread$BufferCertErrorFreeLastOpenRestoreSaveStoreU_object@@View@@Y__@@@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2272792605-0
                                                                                                                                                                                                                                                • Opcode ID: e783685f57a91c1b6a6dadc10c5ba01f2976cabd44a7fabb62e0783f77305b33
                                                                                                                                                                                                                                                • Instruction ID: b96fa143fc14d862830e1e1b8342839c754d166be07def49dd6c17a8d01b916a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e783685f57a91c1b6a6dadc10c5ba01f2976cabd44a7fabb62e0783f77305b33
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8511CC26B1CA42C9E7258F65E88467C2365BB84BD4B040135CFAD67778DE3CE94E8300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Object_Thread$BufferCertErrorFreeLastOpenRestoreSaveStoreU_object@@View@@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2258189182-0
                                                                                                                                                                                                                                                • Opcode ID: 3dd6fefdb8c283e016e08b741fdffbf3031fb042ce30941533acbbe1235ce6df
                                                                                                                                                                                                                                                • Instruction ID: bbed685c92969a321e88a434d4773e99bbcb70d229363a18d572194cea983036
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dd6fefdb8c283e016e08b741fdffbf3031fb042ce30941533acbbe1235ce6df
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD11CC26B1CA42C9E7258F65E88467C2365AB84BD4B040135CFAD67778DE3CE94E8300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$CertCertificateContextErr_FreeRestoreSaveString
                                                                                                                                                                                                                                                • String ID: CertFreeCertificateContext$The certificate context has been closed
                                                                                                                                                                                                                                                • API String ID: 2800691829-2758218661
                                                                                                                                                                                                                                                • Opcode ID: bb52bf924b046b5add6b0de0391143d88a3a835ec7d3b0ffb67b05f919ce16b9
                                                                                                                                                                                                                                                • Instruction ID: 2d503ecead44b570ccd5f35887647e73d62eef4a30409f22fd3dac4fdde664a5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb52bf924b046b5add6b0de0391143d88a3a835ec7d3b0ffb67b05f919ce16b9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E511F226A2CA42C2EB509F5AE8C42B96365FB88B94F081031DBAE03725DE2CD5898300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _PyArg_CheckPositional.PYTHON312 ref: 00007FFE75853607
                                                                                                                                                                                                                                                • _PyArg_BadArgument.PYTHON312 ref: 00007FFE7585363A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE758511B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFE758511E2
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE758511B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFE758511FA
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE758511B0: PyType_IsSubtype.PYTHON312 ref: 00007FFE7585121D
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
• Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                                                                • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                                                • API String ID: 4101545800-1320425463
                                                                                                                                                                                                                                                • Opcode ID: 2dbf24b9019d36270aeee854f5eb720b9aec5d3fd397e623ab08701816bde558
                                                                                                                                                                                                                                                • Instruction ID: 1bedd8d3a0bd4b09595f966a4b8d60e1643d447e87852022db7c26570d2650f7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2dbf24b9019d36270aeee854f5eb720b9aec5d3fd397e623ab08701816bde558
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E11A1A2B2878682FB508F52E4816B9A360AF04FC4F889036D92D077B4DF2CD589F340
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Bytes_ClearFormatLong_OccurredStringVoid
                                                                                                                                                                                                                                                • String ID: %d is an invalid value for object identifier
                                                                                                                                                                                                                                                • API String ID: 547943475-3594730584
                                                                                                                                                                                                                                                • Opcode ID: 22658438a5c7523015bb58e97d0ab54ab8fa08677bbe5b43d272185928f613a8
                                                                                                                                                                                                                                                • Instruction ID: 4fea4f01eca69f37e72ce5addabbe7a1abcca5a5b3a9754b7c2213aa5e76a89e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22658438a5c7523015bb58e97d0ab54ab8fa08677bbe5b43d272185928f613a8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83010026A2CB82C1EB518B55F4D426D27B4FB88B84F188071DBAE47765EF3CD4998701
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
• Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                                • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                                                • API String ID: 3876575403-184702317
                                                                                                                                                                                                                                                • Opcode ID: ed7039aedf8594f44b2dcd06c7a3654b924861e91dfb93c4f465d606fbcafc7c
                                                                                                                                                                                                                                                • Instruction ID: ce93b458a31f74cddd251f5edc2e0944629ba6dd4292667eb7f47b0d52ed5c05
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed7039aedf8594f44b2dcd06c7a3654b924861e91dfb93c4f465d606fbcafc7c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9301C462F2878A96FB508B12E4817B5A760EF05FC4F988031D93D076B4DF2CD485E300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertKeywordsParseRestoreSaveTuple
                                                                                                                                                                                                                                                • String ID: I:CertAlgIdToOID
                                                                                                                                                                                                                                                • API String ID: 3433423547-3396670919
                                                                                                                                                                                                                                                • Opcode ID: 1095c2d51b48dba2b82c27a878169a917837b47485c0a3d01a219f5c71b8761f
                                                                                                                                                                                                                                                • Instruction ID: 02567c008256f40fa9ba215ad39126b390a897f93f69b651e9c3f75650f84681
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1095c2d51b48dba2b82c27a878169a917837b47485c0a3d01a219f5c71b8761f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A501C526A2CA82C2DB009F56A98457963A5FB89BD4B840071DEAE43B35DE3CE11D8700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d, xrefs: 00007FFE74D44926
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy$Err_FormatReferencemalloc
                                                                                                                                                                                                                                                • String ID: PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d
                                                                                                                                                                                                                                                • API String ID: 3577276951-318570358
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$CertDeleteErr_FromRestoreSaveStoreString
                                                                                                                                                                                                                                                • String ID: CertDeleteCertificateFromStore$The certificate context has been closed
                                                                                                                                                                                                                                                • API String ID: 1525181047-1342110332
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$BuildClearDeallocStringValue
                                                                                                                                                                                                                                                • String ID: (i)$invalid timestamp
                                                                                                                                                                                                                                                • API String ID: 3614533335-2037815563
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildValue_$Bytes_DeallocFromString
                                                                                                                                                                                                                                                • String ID: ObjId$Value${s:s,s:N}
                                                                                                                                                                                                                                                • API String ID: 1755699355-3161452806
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$Arg_BuildErr_ParseStringTextTuple_UnicodeValue_
                                                                                                                                                                                                                                                • String ID: s#i$string size beyond INT_MAX
                                                                                                                                                                                                                                                • API String ID: 2518093472-3494499060
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AuthorityBuildErr_IdentifierSizeStringValidValue_
                                                                                                                                                                                                                                                • String ID: (BBBBBB)$GetSidIdentifierAuthority: Invalid SID in object
                                                                                                                                                                                                                                                • API String ID: 2215780243-3761804006
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Eval_Thread$Arg_CertFromKeywordsLongLong_ParseRestoreSaveTupleUnsigned
                                                                                                                                                                                                                                                • String ID: s:CertOIDToAlgId
                                                                                                                                                                                                                                                • API String ID: 1673740518-3049518499
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BuildReferenceValuefreemalloc
                                                                                                                                                                                                                                                • String ID: CryptProv$KeySpec${s:N, s:k}
                                                                                                                                                                                                                                                • API String ID: 1678951931-2501532095
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CallsMakePending$ClearErr___acrt_iob_func__stdio_common_vfprintffprintf
                                                                                                                                                                                                                                                • String ID: Unhandled exception detected before entering Python.
                                                                                                                                                                                                                                                • API String ID: 322838838-920423093
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
• Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                                                • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                                                                                                                                                • API String ID: 438689982-2063813899
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
• Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memmove
                                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$2d3a40c05c49e1a49264912b1a05bc2143ac0e7c3df588276ce80a4cbc9bd1b0$database corruption
                                                                                                                                                                                                                                                • API String ID: 2162964266-3418467682
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: List_$AppendBytes_DeallocFromSizeString
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3583985797-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeallocState_$AppendEnsureFromList_Object_ReleaseU_object@@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3628222327-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                                • API String ID: 2889003569-2084237596
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • __except_validate_context_record.LIBVCRUNTIME ref: 00007FFE74D320F2
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D33524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFE74D31222), ref: 00007FFE74D33564
                                                                                                                                                                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE74D32247
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: abort$__except_validate_context_record
                                                                                                                                                                                                                                                • String ID: $csm$csm
                                                                                                                                                                                                                                                • API String ID: 3000080923-1512788406
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Unicode_
                                                                                                                                                                                                                                                • String ID: Internal$InternalHigh$hEvent
                                                                                                                                                                                                                                                • API String ID: 2646675794-1769053571
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                                                                • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                                                • API String ID: 1522575347-3913127203
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                                                • String ID: not a numeric character
                                                                                                                                                                                                                                                • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharDeallocFromObject_PrintUnicode_Widewsprintf
                                                                                                                                                                                                                                                • String ID: <%hs at %Id (%Id)>
                                                                                                                                                                                                                                                • API String ID: 2754229576-3200932714
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Time$Arg_DateFileParseSizeTuple_
                                                                                                                                                                                                                                                • String ID: DosDateTimeToFileTime$FileTimeToSystemTime
                                                                                                                                                                                                                                                • API String ID: 2214670548-3006328108
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                                                • String ID: not a decimal
                                                                                                                                                                                                                                                • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_Formatmemcpyrealloc
                                                                                                                                                                                                                                                • String ID: SetACL: Unable to reallocate ACL to size %d
                                                                                                                                                                                                                                                • API String ID: 2667793433-1849531889
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_String
                                                                                                                                                                                                                                                • String ID: Object must be a PyDEVMODEW$PyDEVMODE cannot be None in this context
                                                                                                                                                                                                                                                • API String ID: 1450464846-2899910425
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                                                • API String ID: 3876575403-4190364640
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                                                • API String ID: 3876575403-2474051849
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                                • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                                                • API String ID: 3876575403-2385192657
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_Err_FormatObject_ParseSizeTuple_U_object@@
                                                                                                                                                                                                                                                • String ID: CRYPTPROTECT_PROMPTSTRUCT must be None or a tuple (got %s)$k|O&O
                                                                                                                                                                                                                                                • API String ID: 2773165684-1039745384
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyLong_AsVoidPtr.PYTHON312 ref: 00007FFE74D4CD95
                                                                                                                                                                                                                                                • PyErr_Occurred.PYTHON312 ref: 00007FFE74D4CDA3
                                                                                                                                                                                                                                                • PyErr_Clear.PYTHON312 ref: 00007FFE74D4CDAE
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB65
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB73
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB81
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB90
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB9B
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBA4
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBB3
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBC7
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Format.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBE6
                                                                                                                                                                                                                                                • PyErr_Format.PYTHON312 ref: 00007FFE74D4CDDC
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Long$Occurred$Long_$ClearFormat$DeallocNumber_UnsignedVoid
                                                                                                                                                                                                                                                • String ID: WPARAM is simple, so must be an int object (got %s)
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Authority$Arg_CountErr_ParseSizeStringTuple_
                                                                                                                                                                                                                                                • String ID: The index is out of range
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                                                • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                                                • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                                                • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                                                • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                                                • Opcode ID: 5e9834a627ee6fe7d10ad507bd7f89f40610d90c00d7e2fed1f02445e86e63e1
                                                                                                                                                                                                                                                • Instruction ID: eb71b79f7874832762a529e8f2a5111b8ddb6900cfa75f2894515d74c626f65d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e9834a627ee6fe7d10ad507bd7f89f40610d90c00d7e2fed1f02445e86e63e1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AF03C22A29B4797FB059B21E804078A3A4BF08F80F441531E96E06774FF3CF048E340
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                                • String ID: ObjId$Value${s:s,s:N}
                                                                                                                                                                                                                                                • API String ID: 1860207225-3161452806
                                                                                                                                                                                                                                                • Opcode ID: 9951417193ced6bf1de27378fa38e3f26df4a5518cb3dbb15146f5cedcaf59b6
                                                                                                                                                                                                                                                • Instruction ID: c4cc84d7a6492d0c67bddba005d579a2fec23bc10681ce6f46d668833b74468e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9951417193ced6bf1de27378fa38e3f26df4a5518cb3dbb15146f5cedcaf59b6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60F06276A19A42D2E700CF11E8810A97368FB88B58B584136CBAD43668EF3CE559C754
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,00007FFE74D72839), ref: 00007FFE74D76E20
                                                                                                                                                                                                                                                • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FFE74D72839), ref: 00007FFE74D76E43
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                                • String ID: ObjId$Parameters${s:s, s:N}
                                                                                                                                                                                                                                                • API String ID: 1860207225-2686500079
                                                                                                                                                                                                                                                • Opcode ID: 21f033b1f574980252f1d5c4097b178a18d5bff73dc401b747db5205b318ba76
                                                                                                                                                                                                                                                • Instruction ID: 6b43c156a9e2a4cca77d6064065ce5fb4b791cf4b3bbb764a5fffca54bf892f6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 21f033b1f574980252f1d5c4097b178a18d5bff73dc401b747db5205b318ba76
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07E01A66A2CA46D2EB01CB64E8850B87328BB84B48B584132CBAD06234EE7CD59EC754
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                                • String ID: Data$UnusedBits${s:N,s:k}
                                                                                                                                                                                                                                                • API String ID: 1860207225-201570788
                                                                                                                                                                                                                                                • Opcode ID: b93d722b57e54d1c5c6e974ee6d9fe515ef6430f30e500dd37449d32aec7341b
                                                                                                                                                                                                                                                • Instruction ID: e1d5f606cde4bb2921ef2f49bb70de7e58a63296d548e4654a6073df29def05d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b93d722b57e54d1c5c6e974ee6d9fe515ef6430f30e500dd37449d32aec7341b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1E01A66A29606C2DB00DB65E8844787328FB88B58B444432CBAD47331EF3CD59EC740
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,00007FFE74D72839), ref: 00007FFE74D76E20
                                                                                                                                                                                                                                                • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FFE74D72839), ref: 00007FFE74D76E43
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                                • String ID: ObjId$Parameters${s:s, s:N}
                                                                                                                                                                                                                                                • API String ID: 1860207225-2686500079
                                                                                                                                                                                                                                                • Opcode ID: d0cdd24dfd525620e2ecf6138d5cfd1585b05de96cb3a5f6eca1597dfad9f085
                                                                                                                                                                                                                                                • Instruction ID: 26790199cdafc23b64abc1582288926e61968ab6370658f90643a280fa1a0da8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0cdd24dfd525620e2ecf6138d5cfd1585b05de96cb3a5f6eca1597dfad9f085
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3E0B667A2DA46D2EB01CB54E8854B97328FB88B48B584132CBAD46334EF3CD59EC754
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                                • String ID: ObjId$Value${s:s,s:N}
                                                                                                                                                                                                                                                • API String ID: 1860207225-3161452806
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
• Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: 2d3a40c05c49e1a49264912b1a05bc2143ac0e7c3df588276ce80a4cbc9bd1b0$out of memory$statement aborts at %d: [%s] %s$string or blob too big
                                                                                                                                                                                                                                                • API String ID: 3510742995-3617401034
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00007FFE75767F95,?,?,00000000), ref: 00007FFE75767770
                                                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00007FFE75767F95,?,?,00000000), ref: 00007FFE757678B7
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
• Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                                                                                • String ID: %.*z:%u$column%d$rowid
                                                                                                                                                                                                                                                • API String ID: 1297977491-2903559916
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _Py_NewReference.PYTHON312(?,?,?,00007FFE74D46FA7,?,?,?,00007FFE74D46DB3), ref: 00007FFE74D48A0D
                                                                                                                                                                                                                                                • GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFE74D46FA7,?,?,?,00007FFE74D46DB3), ref: 00007FFE74D48A1E
                                                                                                                                                                                                                                                • GetSecurityDescriptorControl.ADVAPI32(?,?,?,00007FFE74D46FA7,?,?,?,00007FFE74D46DB3), ref: 00007FFE74D48A4F
                                                                                                                                                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFE74D46FA7,?,?,?,00007FFE74D46DB3), ref: 00007FFE74D48A68
                                                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,00007FFE74D46FA7,?,?,?,00007FFE74D46DB3), ref: 00007FFE74D48A7B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DescriptorSecurity$ControlLengthReferencemallocmemcpy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3412238872-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeallocSizeState_$AppendBuildBytes_EnsureFromList_ReleaseStringValue_
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2009074532-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: State_$AppendDeallocEnsureFromList_Object_ReleaseU_object@@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1307292411-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: State_$AppendDeallocEnsureFromList_Object_ReleaseU_object@@
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1307292411-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
• Associated: 00000002.00000002.3577964647.00007FFE74D30000.00000002.00000001.01000000.00000034.sdmp
• Associated: 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
• Associated: 00000002.00000002.3578017002.00007FFE74D38000.00000004.00000001.01000000.00000034.sdmp
• Associated: 00000002.00000002.3578033548.00007FFE74D39000.00000002.00000001.01000000.00000034.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
Similarity
• API ID: abort$CreateFrameInfo__except_validate_context_record
• String ID: csm
• API String ID: 444109036-1018135373
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
• Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
• Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
Similarity
• API ID: Tuple_
• String ID: CERT_ALT_NAME_ENTRY %d is not yet supported
• API String ID: 3728983458-143101820
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
Similarity
• API ID: Arg_Err_ParseStringTuple
• String ID: iiiiiiiii|i$year out of range
• API String ID: 385655187-1001734015
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
Similarity
• API ID: Timefloor$SystemVariant
• String ID: VariantTimeToSystemTime
• API String ID: 1266533630-2676162551
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
• Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
Similarity
• API ID: Arg_ParseSizeTuple_
• String ID: OiOOi(ii):MSG param$The object is not a PyHANDLE object
• API String ID: 2270327996-2297966167
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_DeleteParseTuple
                                                                                                                                                                                                                                                • String ID: DeleteAce$l:DeleteAce
                                                                                                                                                                                                                                                • API String ID: 1230908747-3702189175
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • DEVMODE structure of size %d greater than supported size of %d, xrefs: 00007FFE74D44D8C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_Format
                                                                                                                                                                                                                                                • String ID: DEVMODE structure of size %d greater than supported size of %d
                                                                                                                                                                                                                                                • API String ID: 376477240-1470040908
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: CloseHandle$The object is not a PyHANDLE object
                                                                                                                                                                                                                                                • API String ID: 0-4264222050
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFE75851EDC), ref: 00007FFE75853B35
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE75851FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFE75852008
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE75851FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFE75852026
                                                                                                                                                                                                                                                • PyErr_Format.PYTHON312 ref: 00007FFE75851F53
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                                                • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                                                • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_DescriptorOwnerParseSecurityTuple
                                                                                                                                                                                                                                                • String ID: :GetSecurityDescriptorOwner$GetSecurityDescriptorOwner
                                                                                                                                                                                                                                                • API String ID: 2338322640-1512101531
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_Err_Keywords_ParseSizeStringTuple
                                                                                                                                                                                                                                                • String ID: Object used to construct a CRYPT_ALGORITHM_IDENTIFIER must be a dict$sz#:CRYPT_ALGORITHM_IDENTIFIER
                                                                                                                                                                                                                                                • API String ID: 2818518640-2559664096
                                                                                                                                                                                                                                                • Opcode ID: 107cdd3578aa7c27db04c7ffac28f6a0350c8f9216670a13a473e985a9627509
                                                                                                                                                                                                                                                • Instruction ID: 6b93ee99dca4e76fb028b61a615f0b46a83d8ab149503583d245eac04fbbfb3d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 107cdd3578aa7c27db04c7ffac28f6a0350c8f9216670a13a473e985a9627509
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C10140B2A28B46C2EB15CF51E88057973A4FB88BA4F448132DAAD47360EF7CD5D9C700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_CreateGuidParseReferenceSizeTuple_
                                                                                                                                                                                                                                                • String ID: :CreateGuid
                                                                                                                                                                                                                                                • API String ID: 2232489080-3559396464
                                                                                                                                                                                                                                                • Opcode ID: 09cfe9be1413eff01afa2bb2f16402033869353b27c53ba5146419ec9c390cd0
                                                                                                                                                                                                                                                • Instruction ID: 4d0890b984113accc4e142356f7447b18e780a3ae6955fc64a4bb2efcf9c3751
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09cfe9be1413eff01afa2bb2f16402033869353b27c53ba5146419ec9c390cd0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53014063E2CB41C1EA419B15E895169B3A0FB8D794F841135DB9E42735EF3CE1898B00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_String
                                                                                                                                                                                                                                                • String ID: Object must be of type PyCERT_CONTEXT$The certificate context has been closed
                                                                                                                                                                                                                                                • API String ID: 1450464846-1580614774
                                                                                                                                                                                                                                                • Opcode ID: cc81dcd45589a35762174956fc6641c583a5352cfec2412ddbde00653e817120
                                                                                                                                                                                                                                                • Instruction ID: 5fdc90959f13e86f1b7da99e710993f4896fe90dd0cf3b9027acad976d3f361f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc81dcd45589a35762174956fc6641c583a5352cfec2412ddbde00653e817120
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F01E466A2EA47C0EF258B59D8D077833A4FB88B54F944031C6AD46670EE7CE59E8300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CertContextErr_FreeString
                                                                                                                                                                                                                                                • String ID: CertFreeCTLContext$The certificate trust context has been closed
                                                                                                                                                                                                                                                • API String ID: 1426095556-2522795890
                                                                                                                                                                                                                                                • Opcode ID: c5e869dbc77e6106798d9c40142a37f71d8773675d2fb9768a7373d2e4e8d925
                                                                                                                                                                                                                                                • Instruction ID: 5c2ba4e29cc1071586cd1d804ddc5bf20b3a01dd58eb7bc51b274de352b0d410
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5e869dbc77e6106798d9c40142a37f71d8773675d2fb9768a7373d2e4e8d925
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76F0FF67B2C906C1EB158F96E8D133933A5FBC8B99F444032CAAD47271DE2CD59D8304
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_Err_Keywords_ParseSizeStringTuple
                                                                                                                                                                                                                                                • String ID: O&O&:CERT_PUBLIC_KEY_INFO$Object used to construct a CERT_PUBLIC_KEY_INFO must be a dict
                                                                                                                                                                                                                                                • API String ID: 2818518640-462478997
                                                                                                                                                                                                                                                • Opcode ID: 1809209a6058c0eebb6c0bf00a3d41bb38e366adb9d598705f6ad5fbad0262c7
                                                                                                                                                                                                                                                • Instruction ID: 416740b8bde697c6768f54182b5297dd3d218fd218e5c3d7b695ee1e0c29fe7d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1809209a6058c0eebb6c0bf00a3d41bb38e366adb9d598705f6ad5fbad0262c7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 290197A2E2CB42D5E7118B51E8806B973A4FBD4B54F949236D69D02271EF7CD2EDC700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D33524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFE74D31222), ref: 00007FFE74D33564
                                                                                                                                                                                                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE74D312A6
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3577964647.00007FFE74D30000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578017002.00007FFE74D38000.00000004.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578033548.00007FFE74D39000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: abortterminate
                                                                                                                                                                                                                                                • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                • API String ID: 661698970-2671469338
                                                                                                                                                                                                                                                • Opcode ID: 0aa23b011ebb7a1bca7b1b5cf97d93ad35b1e0d7ec6c205f0ee7290f04a45704
                                                                                                                                                                                                                                                • Instruction ID: 4da7117d65cc9a3c7cea6824d6c9e3abdba9f99dbfa8101a22d3d5e416e87f02
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0aa23b011ebb7a1bca7b1b5cf97d93ad35b1e0d7ec6c205f0ee7290f04a45704
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 54F0623B92C647C2E760AF11E6C516C76E4FF48B85F095131D7A886262CF7CD4A8CB01
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                                • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                                                • Opcode ID: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
                                                                                                                                                                                                                                                • Instruction ID: 764773005aca49cf8bad93845f44fc878b640cf8d84abdb9eb474f05132cfe10
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08F03633E2C54AC6DB155F29E1C50AD3360FB44B54F648035DBA84B679DE38D896C742
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: From$CharStringUnicode_Widewsprintf
                                                                                                                                                                                                                                                • String ID: IID('%ws')
                                                                                                                                                                                                                                                • API String ID: 3341265217-2301737843
                                                                                                                                                                                                                                                • Opcode ID: 50bfa6779426d2aff07c13c9fa1ccc7473edcd72459b3b2acf0a8f76b6dac1ef
                                                                                                                                                                                                                                                • Instruction ID: 4cc28c5af18a4a73e2c866ce0691287314a337f750bde92b7854efba80e13ce6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50bfa6779426d2aff07c13c9fa1ccc7473edcd72459b3b2acf0a8f76b6dac1ef
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34F0CD66A2CA8AD1EB619B54E4943AD6360FB88764F800331D6ED066F5DE2CD14ECB00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CertDeleteErr_FromStoreString
                                                                                                                                                                                                                                                • String ID: CertDeleteCTLFromStore$The certificate trust context has been closed
                                                                                                                                                                                                                                                • API String ID: 625287200-2833492776
                                                                                                                                                                                                                                                • Opcode ID: d5f5d27a0f90addbe0dc6293a08970713683563a2c6710282950f8c75fd82afe
                                                                                                                                                                                                                                                • Instruction ID: 0d653f368ca3b6778bea0da11cf5876c91c9495f6a42e3091c70374402fd2ae3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5f5d27a0f90addbe0dc6293a08970713683563a2c6710282950f8c75fd82afe
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4BF07A26F2D903C1EB159F5ADCD11783365BBD4B99B844532CAAE47231EE2CD59E8300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578160281.00007FFE74D71000.00000020.00000001.01000000.00000032.sdmp, Offset: 00007FFE74D70000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578142804.00007FFE74D70000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578182346.00007FFE74D81000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578202825.00007FFE74D8B000.00000004.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578220252.00007FFE74D8E000.00000002.00000001.01000000.00000032.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BuildSizeValue_
                                                                                                                                                                                                                                                • String ID: Value$ValueType${s:k,s:u#}
                                                                                                                                                                                                                                                • API String ID: 1740464280-1382112235
                                                                                                                                                                                                                                                • Opcode ID: 7f076c615a03d93ee95bbe3148c90c539ee6a1201ca250ba2e3820517ca867b8
                                                                                                                                                                                                                                                • Instruction ID: 612fd445f4055b173302f6d5606650ef5884fcddb4726443dd87ecee90518d0d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f076c615a03d93ee95bbe3148c90c539ee6a1201ca250ba2e3820517ca867b8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3E0B632B29B4AC2DF10CF08E88156833A8F785748BA40021DB9C43334EE3DD51ACB04
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: strncmp
                                                                                                                                                                                                                                                • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                                                • API String ID: 1114863663-87138338
                                                                                                                                                                                                                                                • Opcode ID: 2595fa2025d07ddf98b647c638fd1ed7edd11107ba76c08aad6fbc153bf9cbc4
                                                                                                                                                                                                                                                • Instruction ID: 434ca958d3edc9f74628824459a444e3f7b3196803958eb0226c4f13874a6012
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2595fa2025d07ddf98b647c638fd1ed7edd11107ba76c08aad6fbc153bf9cbc4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D61F773B2974647F7609A19A80067EE652FB90F90F544235EA6B87AE8DF3DE401A700
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579382001.00007FFE756E0000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579492376.00007FFE7580C000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579522337.00007FFE7583A000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579539682.00007FFE7583F000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: out of memory$string or blob too big
                                                                                                                                                                                                                                                • API String ID: 3510742995-2410398255
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID: (join-%u)$(subquery-%u)
                                                                                                                                                                                                                                                • API String ID: 3510742995-2916047017
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_FreeMem_Memoryfreemalloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 182096997-0
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$2d3a40c05c49e1a49264912b1a05bc2143ac0e7c3df588276ce80a4cbc9bd1b0$database corruption
                                                                                                                                                                                                                                                • API String ID: 0-3418467682
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3353409452-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3582290860.00007FFE78471000.00000020.00000001.01000000.0000002A.sdmp, Offset: 00007FFE78470000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3580592480.00007FFE75E71000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE75E70000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75e70000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3582072210.00007FFE78451000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFE78450000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe78450000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3353409452-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DescriptorSecurityfree$InitializeLengthReferencemalloc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2992339461-0
                                                                                                                                                                                                                                                • Opcode ID: e18387423927f03562960c83c48f9baa80d415592888f67cc2897486346f62b8
                                                                                                                                                                                                                                                • Instruction ID: 840bc95632c5693535c2eb3ecaea749b47954a4948720c34563424f36ca32b59
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e18387423927f03562960c83c48f9baa80d415592888f67cc2897486346f62b8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8F01D26B29B06C2EE449B16B998379A261AB49BC4F184034DF9E47765DF7DD4898300
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D49840: PyImport_ImportModule.PYTHON312 ref: 00007FFE74D49861
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D49840: PyObject_GetAttrString.PYTHON312 ref: 00007FFE74D4987D
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D49840: _Py_Dealloc.PYTHON312 ref: 00007FFE74D4988F
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D49840: PyTuple_New.PYTHON312 ref: 00007FFE74D4989C
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D49840: PyObject_CallMethod.PYTHON312 ref: 00007FFE74D498BB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D49840: _Py_Dealloc.PYTHON312 ref: 00007FFE74D498D1
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D49840: _Py_Dealloc.PYTHON312 ref: 00007FFE74D498E7
                                                                                                                                                                                                                                                • PyObject_GetAttrString.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFE74D499ED), ref: 00007FFE74D4A1B4
                                                                                                                                                                                                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFE74D499ED), ref: 00007FFE74D4A213
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Dealloc$Object_$AttrString$CallImportImport_MethodModuleTuple_
                                                                                                                                                                                                                                                • String ID: max
                                                                                                                                                                                                                                                • API String ID: 66079785-2641765001
                                                                                                                                                                                                                                                • Opcode ID: afa67af572f1350e402637108e0cfd3a2185254bb60b6e563785a36e96d5d9b9
                                                                                                                                                                                                                                                • Instruction ID: 4102a9f94b987bb88ba6101c04c3c404079c1a3008343f53b2cebcfdd02d38d6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: afa67af572f1350e402637108e0cfd3a2185254bb60b6e563785a36e96d5d9b9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C113A32A1C696C2D7558F16E580039B3A1FB88B84F044031EFAD07BA8EF3CE465D701
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • PyArg_ParseTuple.PYTHON312 ref: 00007FFE74D49982
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D46350: PyLong_AsLongLong.PYTHON312 ref: 00007FFE74D46375
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D46350: PyErr_Occurred.PYTHON312 ref: 00007FFE74D46384
                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32 ref: 00007FFE74D499B9
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C0AB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C11A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C1EB
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C200
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C218
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C22D
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4C090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFE74D4786D,?,?,00000000,00007FFE74D47BE2,?,?,?,00007FFE74D41911), ref: 00007FFE74D4C23C
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_LongTime$Arg_BuildDeallocDecodeErrorFileFormatFreeLastLocalLong_MessageObjectOccurredParseSizeSystemTupleUnicode_Value_
                                                                                                                                                                                                                                                • String ID: FileTimeToSystemTime
                                                                                                                                                                                                                                                • API String ID: 2951598573-1754531670
                                                                                                                                                                                                                                                • Opcode ID: 632d414ff01d91852ae786370b54ce0723fa11f4dcff63e83e1afd5d37ea7c8a
                                                                                                                                                                                                                                                • Instruction ID: 61abdea5cf2bd23f378637e894c878dc7bbb595dcf4b80c7eabba4efb8ac238d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 632d414ff01d91852ae786370b54ce0723fa11f4dcff63e83e1afd5d37ea7c8a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89115473E2C586C2EA51AF25E49146A73A1FB89744F801031EBDD82569EE2CE50A8B00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3577964647.00007FFE74D30000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3577999770.00007FFE74D35000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578017002.00007FFE74D38000.00000004.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578033548.00007FFE74D39000.00000002.00000001.01000000.00000034.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                • Opcode ID: 603fe3ad4fecd5e6127da2d279c75e658a97bcbc96e57b625571bb65e3e10dd9
                                                                                                                                                                                                                                                • Instruction ID: 7a701c4d230d0d273cb5143c218349c7d1f6abbc618f908b06527bacf4d808e5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 603fe3ad4fecd5e6127da2d279c75e658a97bcbc96e57b625571bb65e3e10dd9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89110736629B81C2EB618F15E58026977E5FB88B84F584234DBDC07768DF7CD5558B00
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                                                • String ID: no such name
                                                                                                                                                                                                                                                • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                • String ID: AddAccessAllowedAceEx$lllO:AddAccessAllowedAceEx
                                                                                                                                                                                                                                                • API String ID: 3371842430-1263352432
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                                • String ID: :OVERLAPPED
                                                                                                                                                                                                                                                • API String ID: 709158290-1552635527
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4AED0: PyUnicode_AsWideCharString.PYTHON312 ref: 00007FFE74D4AF0A
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4AED0: PyErr_SetString.PYTHON312 ref: 00007FFE74D4AF29
                                                                                                                                                                                                                                                • PyErr_Clear.PYTHON312 ref: 00007FFE74D4CCFC
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB65
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB73
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB81
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB90
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB9B
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBA4
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBB3
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBC7
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Format.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBE6
                                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312 ref: 00007FFE74D4CD32
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Resource id/name must be unicode or int in the range 0-65536, xrefs: 00007FFE74D4CD21
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Long$OccurredString$ClearLong_$CharDeallocFormatNumber_Unicode_UnsignedWide
                                                                                                                                                                                                                                                • String ID: Resource id/name must be unicode or int in the range 0-65536
                                                                                                                                                                                                                                                • API String ID: 293670993-4091729669
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4AAE0: PyErr_SetString.PYTHON312 ref: 00007FFE74D4AB1F
                                                                                                                                                                                                                                                • PyErr_Clear.PYTHON312 ref: 00007FFE74D4CC5C
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyNumber_Long.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB65
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB73
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB81
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB90
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Clear.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CB9B
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBA4
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBB3
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBC7
                                                                                                                                                                                                                                                  • Part of subcall function 00007FFE74D4CB50: PyErr_Format.PYTHON312(?,?,?,00007FFE74D44F6E), ref: 00007FFE74D4CBE6
                                                                                                                                                                                                                                                • PyErr_SetString.PYTHON312 ref: 00007FFE74D4CC92
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Resource id/name must be string or int in the range 0-65536, xrefs: 00007FFE74D4CC81
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_$Long$Occurred$ClearLong_String$DeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                                • String ID: Resource id/name must be string or int in the range 0-65536
                                                                                                                                                                                                                                                • API String ID: 286819204-907244015
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DeallocSequence_Tuple
                                                                                                                                                                                                                                                • String ID: Sequence can contain at most %d items
                                                                                                                                                                                                                                                • API String ID: 1991852567-3507602910
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Capsule_ImportReadyType_
                                                                                                                                                                                                                                                • String ID: datetime.datetime_CAPI
                                                                                                                                                                                                                                                • API String ID: 2581296196-711417590
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Long$Arg_FromLong_ParseTuple
                                                                                                                                                                                                                                                • String ID: :Detach
                                                                                                                                                                                                                                                • API String ID: 1152936543-4103459575
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFE75852533), ref: 00007FFE758525C6
                                                                                                                                                                                                                                                • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFE75852533), ref: 00007FFE758525F8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579580096.00007FFE75851000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE75850000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579562089.00007FFE75850000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75855000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758B2000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE758FE000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75902000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE75907000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579601970.00007FFE7595F000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579817888.00007FFE75962000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3579835069.00007FFE75964000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe75850000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Object_$Track
                                                                                                                                                                                                                                                • String ID: 3.2.0
                                                                                                                                                                                                                                                • API String ID: 16854473-1786766648
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578050721.00007FFE74D40000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578087705.00007FFE74D50000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578106536.00007FFE74D5E000.00000004.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.3578124221.00007FFE74D61000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_DescriptorLengthParseSecurityTuple
                                                                                                                                                                                                                                                • String ID: :GetLength
                                                                                                                                                                                                                                                • API String ID: 840013968-295138441
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_AuthorityCountParseSizeTuple_
                                                                                                                                                                                                                                                • String ID: :GetSubAuthorityCount
                                                                                                                                                                                                                                                • API String ID: 3376985458-2020981275
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                • String ID: :IsValid
                                                                                                                                                                                                                                                • API String ID: 1292091245-2800628479
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Arg_LengthParseSizeTuple_
                                                                                                                                                                                                                                                • String ID: :GetLength
                                                                                                                                                                                                                                                • API String ID: 986722786-295138441
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3578068774.00007FFE74D41000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFE74D40000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d40000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Err_String
                                                                                                                                                                                                                                                • String ID: POINT must be a tuple of 2 ints (x,y)$ll;POINT must be a tuple of 2 ints (x,y)
                                                                                                                                                                                                                                                • API String ID: 1450464846-334919720
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3579399124.00007FFE756E1000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFE756E0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe756e0000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3510742995-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FFE74D33325,?,?,?,?,00007FFE74D341CA,?,?,?,?,?), ref: 00007FFE74D33483
                                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FFE74D33325,?,?,?,?,00007FFE74D341CA,?,?,?,?,?), ref: 00007FFE74D3350B
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.3577981489.00007FFE74D31000.00000020.00000001.01000000.00000034.sdmp, Offset: 00007FFE74D30000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ffe74d30000_hSyJxPUUDx.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                                                                                                                                • Opcode ID: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                                                                                                                                                                • Instruction ID: 50dac55ba78be7f2379ffe52227ddb5273aecabed880dc66831b5a948d7bc3ef
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C6116062F3D642C3FA109B65AA941382691AF487A0F144634EBBE073F4DF7CE8498610